Skip to content

Beware of payment redirection scams

The Australian Securities and Investment Commission (ASIC) has warned small and micro businesses to be alert for payment redirection scams. These scams have caused some of the highest losses to businesses in 2021 to the tune of $13.4 million. This figure is likely much higher as, according to research, a third of scam victims do not report their loss. These scams typically involve scammers impersonating legitimate businesses or their employees and redirecting upcoming payments to a fraudulent bank account.

In some cases, this may involve the actual hacking of legitimate business email accounts to send scam emails. Other methods fraudsters use to carry out payment redirection scams include intercepting legitimate invoices and amending bank details before releasing the email to the unsuspecting business customer, and registering email addresses that are very similar to ones from a legitimate business.

According to the most recent scams activity report from the Australian Competition and Consumer Commission (ACCC), redirection scams came only second to investment scams in terms of financial losses at $227 million in 2021. This figure includes data from both individuals and businesses. Research also indicates that a third of scam victims do not make any reports, so the true cost of these scams is likely to be much higher.

However, just looking at the business population, payment redirection scams take the top spot as the type of scam that caused the highest losses. Small businesses had the highest median loss ($3,812 per business) and overall lost a total of $3.5 million. ACCC data also points to false billing scams, which includes payment redirection reports, as a concern.

Overall, for the 2021 income year, 3,624 reports were received by the ACCC Scamwatch program from businesses. Of the total $13.4 million lost by businesses, $7 million can be attributed to micro (0 to 4 staff) and small (5 to 19 staff) businesses.
The most common contact method reported to ACCC for scams was phone or text message, and bank transfers continued to be the most common payment method for scams.

Small businesses should take immediate action if they have inadvertently fallen prey to a scam by contacting their financial institution to see if anything can be done to recover the money, and then reporting the scam to either Scamwatch or the Australian Cyber Security Centre. Financial institutions may be able to find out where the money was sent and block scam accounts. ASIC notes that businesses should also be aware of falling victim to a follow-up scam which may offer to recover your lost money for a fee (ie money recovery scams).

Money recovery scammers will usually target victims of previous scams with the promise of recovering lost money for an up-front payment and/or retrieving detailed personal information. They often contact previous victims uninvited and pose as trusted organisations such as a law firm, the fraud taskforce or a government agency. Some more sophisticated scams will have official-looking websites with fake testimonials.

Once the previous victims are convinced of the follow-up scam’s authenticity, the scammers will ask them to fill out false paperwork or provide identity documents, as well as make a payment. In some cases they may also request remote access to computers and smartphones. Another tactic that these money recovery scammers may use is to make contact and attempt to convince a target that they have unknowingly been involved in a scam and are entitled to compensation or a settlement refund.

Source: https://asic.gov.au/about-asic/news-centre/news-items/asic-warns-small-businesses-to-be-vigilant-about-payment-redirection-scams/ 
www.accc.gov.au/media-release/payment-redirection-scams-cost-australian-businesses-227-million-last-year 
www.scamwatch.gov.au/news-alerts/payment-redirection-scams-cost-australian-businesses-227-million-last-year