In the lead up to paying a deposit on a new house, you receive an email from a familiar address, your solicitor, with the payment invoice. Even though you triple-check that the amount, BSB and account number are correct, you end up paying the wrong person.
You may have been sent altered details to begin with – and that large sum has now gone to a scammer.
Business email compromise scams or payment redirection scams happen when a recipient receives a legitimate looking email requesting a payment to new or updated account details.
In 2022, these scams saw Australians lose a total of $224 million.
A scammer gets into the system of a supplier or conveyancer, intercepts the email requesting the payment of an invoice, and makes changes. The letterhead is correct, the business name and email address remain the same, but it is a new BSB and ABN – a trap has been set for the victim to pay them directly into the rogue account.
This scam is perpetrated against all businesses but is particularly effective in those that receive large one-off payments from individuals, such as paying a conveyancer a house deposit, or paying a builder for a renovation.
This is perhaps the hardest scam to spot, since it’s usually an expected bill, and victims can lose millions in a single transaction.
Here are a few tips to avoid falling for the trap:
Verify any banking information verbally when receiving requests for new, urgent, or redirected payments and ensure you verify through a phone number you have sourced yourself. Do not call a number provided to you within the email or invoice.
Request to pay suppliers using a PayID. PayID displays the registered payee name, so if it's not your intended recipient you will know.
Use multifactor authentication and dual payment approvals where available. If you are a small business, ensure email servers are secured with two-factor authentication to avoid people hacking into your email and sending out fake invoices. It’s also crucial to ensure that staff are well trained and know not to click on any strange emails.
It’s important to remember that all electronic communication platforms can be hacked. Being aware that scams can come from seemingly trusted sources can save you a whole world of trouble.
For information on the latest scams, go to Westpac's Latest Scams & Alerts info.