“Hi, please note that our bank account details have changed. Please pay all invoices to our new bank account, as detailed below.”
If you work in Accounts and received an email from one of your suppliers containing those words, what would you do?
If the answer is “immediately change the bank account details and forward all payments to the new account”, you are 100% wrong.
That’s the message form the Australian Consumer and Competition Commission’s (ACCC) Scamwatch service, as it warns businesses to stop being so gullible.
Businesses are being urged to verify all changes to bank account details to avoid losing money in an email scam that has caused losses of $2.8 million to date.
The average amount being lost is $30,000 per Australian business.
“This is a very sophisticated scam, which is why many businesses only realise they’ve been caught out once it’s too late,” ACCC Deputy Chair Delia Rickard said.
Rickard said the theft occurs when a hacker gains access to a business’s email accounts, or ‘spoofs’ a business’ email so it appears fake emails are genuine.
“It’s a scam that targets all kinds of businesses, including charities and local sporting clubs. There is a misconception these scams target just small business, however the largest amount of reports and losses came from medium-sized businesses, including one that lost more than $300,000,” Rickard added.
“It’s vital a business doesn’t do this just by return email or using other contact details provided. Find older communications to ensure you have the right contact details or otherwise independently source them, so they can be sure they’re not contacting the scammer,” Ms Rickard said.
Businesses which think they may have been defrauded are urged to report the scam to Scamwatch.