Australian businesses have lost at least $14 million from payment redirection scams in 2020, according to a report from the Australian Competition and Consumer Commission (ACCC).
Payment redirection scams, also known as business email compromise scams, involve impersonating a business or its employees via email and request that money, which usually is owed to the legitimate business, is sent to a fraudulent account.
The ACCC added that average losses so far this year is already tracking to be five times higher compared to average losses in the same period last year.
The agency also noted that the $14 million is just the number reported to its internal Scamwatch program, and other businesses may be reporting their losses to other organisations.
“Payment redirection scams impact businesses across many industries, including real estate, construction, law, recruitment, and universities,” ACCC deputy chair Delia Rickard said.
“Scammers tend to target new or junior employees, or even volunteers, as they are less likely to be familiar with their employer’s finance processes or the types of requests to expect from their supervisors.
“We recommend organisations ensure their staff are well trained in the company’s payment processes and remain aware of payment redirection scams.”
Payment redirection scams can be identified in various forms, including one where a scammer would hack into a legitimate email account and pose as the business, by intercepting legitimate invoices and amending the bank details before releasing emails to the intended recipients.
Another method is through spoofing, where scammers impersonate CEOs or other senior managers using a registered email address that is very similar to that of the genuine email address.
“An increasing number of reports are coming from sports and community clubs which reported more than $55,000 in losses to payment redirection scams last year. It is likely we will see similar figures this year, with $18,000 already reported lost so far in 2021,” Rickard said.