Invoice Payment Fraud


The ADF wishes to remind all customers to beware of invoice email scams as they can result in potentially large losses if not detected.
 

This scam involves scammers pretending to be legitimate suppliers and advising changes to payment arrangements or bank account details held on file. The scammer will send an email, disguised to appear almost identical to the legitimate supplier's email, advising updated account information and potentially requesting payment.

How the scam works
This is quite a sophisticated scam where the scammers work very hard to make you believe the account details and payment requests are legitimate.

  •  Scammers hack into/intercept supplier email accounts and obtain information including customer lists, bank details and previous invoices.
  • An email is then sent to you which appears as though it is from a known supplier requesting a change to the usual payment details and may also include a request for payment.
  • The scammers either disguise the email address they are sending the email from or create a new address that appears almost identical to the legitimate one. This is called ‘spoofing’.  Spoofed emails can be quite difficult to detect.  For example, the legitimate address is bob.smith@abctrading.com.au and the spoofed address could be bob.smith@abctrading.com or bob.smith@acbtrading.com.au.
  • The scam email will often contain a copy of the supplier's logo, use the same message format and style, and in some cases may even include an attachment on company letterhead which the scammers obtained as part of their hack.  It may even contain links to websites that are convincing fakes of the supplier's real website.

How to protect against invoice fraud
There are a number of steps that your business can take to protect itself from scams of this nature and ensure that you don’t lose any funds.

  • Educate your employees on this type of fraud, ways to detect potentially fraudulent emails and invoices, and what to do if they receive one.
  • Double-check email addresses. If you look closely you should be able to spot a fake.
  • If you think an email you have received is suspicious, DO NOT reply.  You should call the company on contact details that you already have on file or ones you have found in the phone directory, not the ones provided in the email.
  • Have a clearly defined process for verifying all payment accounts and invoices which tracks goods/services received and reconciles this to invoices.
  • If the account details provided on the invoice or payment request are different from those used previously, call the company on a number you have saved or find via Google to confirm. Never rely on an email or new invoice with updated account details; always speak to someone to confirm.
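
The address check described above can be partly automated. The following is an added example, not part of the original advisory: it compares a sender's domain against supplier domains held on file and flags near-misses such as the two spoofed addresses shown earlier. The function names, the on-file list and the distance threshold are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed sample data: the supplier domain from the advisory's own example.
SUPPLIER_DOMAINS_ON_FILE = {"abctrading.com.au"}


def osa_distance(a, b):
    """Edit distance where an insert, delete, substitution or swap of two
    adjacent characters each costs 1 (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent swap: "cb" for "bc"
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(from_header, on_file=SUPPLIER_DOMAINS_ON_FILE, max_distance=2):
    """Return (verdict, matched_domain) for the value of a From header."""
    address = parseaddr(from_header)[1]  # drops any display name
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if domain in on_file:
        # A matching domain is not proof of origin: the sender address can be
        # disguised or the supplier's mailbox compromised, so changed bank
        # details still need a phone call to a number already on file.
        return ("on_file", domain)
    for known in sorted(on_file):
        # Simplification: the leftmost label stands in for the company name.
        same_name = domain.split(".")[0] == known.split(".")[0]
        if same_name or osa_distance(domain, known) <= max_distance:
            return ("lookalike", known)
    return ("unknown", None)


if __name__ == "__main__":
    for sender in ("bob.smith@abctrading.com.au",
                   "Bob Smith <bob.smith@abctrading.com>",
                   "bob.smith@acbtrading.com.au"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" verdict is a prompt to stop and verify by phone, not a final judgement; short supplier names will produce more false matches at the same threshold.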

Additional information on this scam and how to protect your accounts can be found at https://www.scamwatch.gov.au/news/invoice-email-scam-now-targeting-australian-businesses


If you are concerned that you may have been a victim of this or any other scam, please contact the ADF immediately.