Small businesses warned against email and invoice scams


Financial services provider ANZ is urging customers, especially small and medium enterprises (SMEs), to be on alert for the warning signs of business email compromise (BEC) and fake invoice scams, also known as payment redirection scams.

The reminder comes amid rising cybercriminal activity that exploits vulnerabilities in email systems and financial processes, with SMEs being primarily targeted because their technology infrastructure has typically been less complicated to infiltrate than that of larger corporations.

Typically, scammers hack into a business’s internal system, update the payment details on invoices, and ask victims to deposit payments into the updated bank accounts, with the victims losing money in the process.

The Federal Government’s Annual Cyber Threat Report stated the total self-reported BEC losses were almost $84 million over the 2023-2024 financial year across Australia, with the majority of cybercrime reports lodged by small businesses.

ANZ Scams Portfolio Lead Ruth Talalla commented, “Scams remain an ongoing challenge for Australians, with cybercriminals increasingly adopting sophisticated practices such as BEC and fake invoice scams to exploit consumers. We encourage business owners and individuals to be on high alert and double check all details before making any payments. If you receive an unusual or unexpected payment request, notice updated details on an invoice, or are making a payment to a new account, it’s important to verify the details directly with the legitimate company or person before sending funds.”

ANZ shared that these email and invoice scams can be detected by recognising the following signs:

  • Unexpected contact method or requests – Someone the victim does not usually communicate with via email or social media (e.g., on WhatsApp) asks for personal information or payment.
  • Modified payment details on an invoice – Payment details do not match previous invoices.
  • Dodgy domains – Cybercriminals may use email domains that look similar to the real sender’s email address.
  • Poorly written text or inconsistent message formats – There are grammar or spelling mistakes present, as well as an unusual tone the sender does not usually use.
  • Missing or faked email signature – Typically, cybercriminals will lack the legitimate company’s or individual’s email signature.

ANZ also shared some tips on how to avoid falling victim to these scams:

  • Never call the phone number provided in a suspicious email or message. Instead, use a phone number that has been independently verified and speak to someone you have previously dealt with if possible.
  • Verify new or updated account details with the legitimate company using a phone number that has been sourced independently before transferring any funds.
  • If an email or message creates a sense of urgency, do not rush; take time to verify its authenticity.
  • Use PayID for payments when available to confirm the identity of the recipient.
  • For large payments, send a small amount first and confirm it has been received by the legitimate company or individual before sending the full amount.

Customers who believe they may be victims of email compromise and fake invoice scams are advised to contact their bank and the authorities immediately.