Business email compromise are scams that trick an employee, customer or vendor into transferring money or sensitive information to the scammer. The scammers send emails and use websites that look legitimate, but a completely fake. The email scams alone, account for 63 per cent of all business losses reported to Scamwatch. The average loss is nearly $30,000!
A registered tax agent from Alice Springs, Rajiv received an email from People Co, a labour hire company. During the busy period of tax time June – October, Rajiv often employed extra staff through People Co, so it was normal to get emails. However, this one was different, while it bore a strong resemblance, it was in fact a fake.
The email sender, firstly, included an invoice for urgent payment, with the logo and branding of People Co, to make it look authentic. Secondly, said further identification information was required having been lost due to an email malfunction. And finally, the email included a link to a web form that Rajiv needed to complete urgently to pay the invoice and ensure his contractors were paid.
On receipt of the email Rajiv decided to take the time to check with People Co, who said payments were all up to date. He then subsequently checked the email to discover the People Co bank details were different from the usual BSB and account number on the invoice.
Rajiv saved his business $20,000 by taking the time to check.
Taking the time to check.
- Be wary of emails that are not expected. For instance, an invoice received from a supplier you haven’t dealt with in a while, invoice amount differences or bank detail changes.
- Teach your staff to look out for other red flags of invoice scam emails like:
- The supplier has provided new bank account details.
- Urgent payment is requested or you’re threatened with serious consequences if payment isn’t made.
- The sender is someone in a position of authority, particularly someone who wouldn’t normally send payment requests.
- The email address doesn’t exactly match the supplier’s company name. Double-check by looking at previous correspondence.
- Never give out your personal identifying information unless you are certain who you are dealing with. Contact organisations on an independently sourced number, not one provided to you.
- Keep your business information safe. Beware of anyone asking you to ‘confirm’ your details and don’t share you details unless you’ve checked the person you are dealing with is who they say they are.
- Always exercise caution when downloading attachments or clicking links in emails, text messages or social media posts, even if they appear to be from someone you know.
- Stay alert at all times! Remain one step ahead of cybercriminals and keep your personal information safe online by following these easy steps.
To Get help or need more information