The ACCC reports that Australian companies lost more than $ 14 million as a result of payment redirect fraud, with an average loss in 2021 more than five times the average loss of the same period last year.
This scam, also known as a business email scam, impersonates a company or employee via email and requires payment to a fraudulent account.
ACCC Vice President Delia Rickard said there are increasing reports of significant losses from businesses, sports and community clubs.
“There are more reports from sports clubs and community clubs that reported losses of over $ 55,000 in payment redirect scams last year. Similar numbers are likely to be seen this year, with $ 18,000 so far in 2021. Has been reported to have been lost, “said Rickard.
According to the ACCC, one of the victims was once after the fraudster hacked the staff’s email and redirected the payment to the fraudster’s personal bank account and then sent the updated bank details to the customer. Lost an estimated $ 16,500 in the transaction.
The ACCC recommends that all companies take the time to carefully examine their email addresses to determine if they are genuine before acting on financial instructions.
“Payment redirect scams affect businesses in many industries, including real estate, construction, law, recruitment, and college,” says Likert. “Prevention is very important because it can be difficult to recover the money lost in payment redirect scams.”
“Scammers are less likely to be familiar with the employer’s financial process and the types of demands they expect from their bosses, so they tend to target new hires, juniors, and even volunteers,” Likert said. I am.
“Organizations are advised to make sure that their staff are well trained in the company’s payment process and pay attention to payment redirect scams,” she said.
The ACCC says it is currently receiving reports of cybercriminals using different methods in these schemes. For example, pretending to be a staff member, paying an employee’s salary to a fraudster’s bank account, hacking a legitimate email account, and demanding that the real thing be intercepted. An invoice to correct bank details before releasing an email to the intended recipient.
“Whenever there is a request to change payment details, check with your organization using the stored contact details instead of the contact you are requesting,” Likert said. I will.