Australian small businesses are advised to review their invoice verification and accounts payable processes to minimise the risk of being caught out by an invoice email scam.
The Australian Competition and Consumer Commission’s SCAMwatch service has released an update warning businesses to be wary of scammers pretending to be legitimate suppliers advising changes to payment arrangements.
The scam may not be detected until suppliers alert the scammed business that they had not received payments that were due.
SCAMwatch said it had received reports from businesses that the scam had extended to Australia from the northern hemisphere. Businesses trading overseas – particularly with companies in Asia – faced a higher risk of being targeted by these scams.
The scam works when its authors access vendor or supplier email accounts and obtain information such as customer lists, bank details and previous invoices. They then send an email in the name of a vendor requesting a wire transfer to a new or different account.
The scammers either disguise their email address or create a new address that looks nearly identical. The emails may be spoofed by adding, removing, or subtly changing characters in the email address, which makes it difficult to tell the scammer’s address from a legitimate one.
The email may appear to be from a genuine supplier and often copies a business’s logo and message format. It may also contain links to websites that are convincing fakes of the real company’s homepage or links to the real homepage itself.
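An accounts payable team can screen for the near-identical addresses described above by comparing each sender against the supplier addresses already on file. The following Python sketch is an added example, not part of the SCAMwatch alert; the supplier addresses, the function names and the distance threshold of 2 are assumptions chosen for illustration.

```python
# Added example: flag sender addresses that are near-misses of supplier
# addresses on file. All addresses are constructed samples.

KNOWN_SUPPLIERS = {
    "accounts@acme-supplies.example.com",
    "billing@northwind-freight.example.com",
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character additions,
    removals or changes needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(
                prev[j] + 1,               # remove a character
                cur[j - 1] + 1,            # add a character
                prev[j - 1] + (ca != cb),  # change a character
            ))
        prev = cur
    return prev[-1]


def classify_sender(sender, known=KNOWN_SUPPLIERS, max_distance=2):
    """Return ("known", addr), ("lookalike", closest_addr) or ("unknown", None)."""
    sender = sender.strip().lower()
    if sender in known:
        return ("known", sender)
    # Find the supplier address closest to the sender.
    closest = min(known, key=lambda k: edit_distance(sender, k), default=None)
    if closest is not None and edit_distance(sender, closest) <= max_distance:
        return ("lookalike", closest)  # hold payment changes for verification
    return ("unknown", None)


if __name__ == "__main__":
    samples = [  # constructed sender addresses
        "accounts@acme-supplies.example.com",      # exact match
        "accounts@acme-suppiies.example.com",      # one character changed
        "billing@northwind-freights.example.com",  # one character added
        "accounts@acme-supplies.example.co",       # one character removed
        "sales@other-vendor.example.org",          # unrelated address
    ]
    for s in samples:
        print(f"{s:45} {classify_sender(s)}")
```

The check compares address strings only, so a disguised address that displays as the genuine one still returns "known". It supplements the invoice verification process rather than replacing it.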
The information for this alert was supplied by the ACCC’s SCAMwatch service.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.