Scammer swindles huge sum from small biz
Written by admin on August 5, 2024
Scammers have swindled more than $900,000 from an unsuspecting small business owner in the latest warning shot to Australians that the online criminal world is getting dangerously sophisticated.
The steal hit a construction company in Victoria, with the criminals exploiting a compromised email account to worm their way into the theft.
The company had engaged a local supplier for work and the supplier sent a draft invoice to verify a correct amount payable.
But criminals, having compromised the email account of the supplier, sent the construction company another invoice that appeared legitimate, with only the bank details changed.
A message from the invoice read: “Please ensure payment is made into the above bank details as funds paid into the old account will now bounce which could cause delays”.
The invoice arrived from the supplier’s legitimate email account and had been signed by the supplier’s director.
The construction company paid the invoice, believing they were paying the vendor, but had in fact just sent on money to the criminals.
It was only when the supplier contacted the construction firm to ask for payment that the scam was detected.
The victim contacted Bendigo Bank and the bank’s customer protection team recovered $897,083 of the stolen funds, or more than 95 per cent of what had been paid.
“This example highlights the bank’s strengthened ability to rapidly recover funds and the importance of acting quickly when something doesn’t look or feel right,” Bendigo Bank head of customer protection Jason Gordon said.
“That said, prevention is better than the cure, so we urge customers to stop, think and protect.”
The bank said it had stopped $38.6m in fraudulent transactions across the 2022-23 financial year.
“These scams so often start with vulnerabilities in email providers’ security controls that can be exploited by criminals,” Mr Gordon said.
Business email compromise happens when a criminal gains access to a company’s systems, including email accounts, the bank explained, with businesses housing up to 50 employers such as legal firms, real estate agents and aged care facilities emerging as common targets for scammers.
The National Anti-Scam Centre also reports a rise in false billing scams, with Australians losing $16.2m to payment redirection scams in 2023.
“It’s also common for scammers to impersonate a person in power within the compromised business to issue a directive to pay an invoice, change a worker’s banking details to that of the scammer, or place orders for goods without payment, for example,” Mr Gordon said.
Read related topics:Adelaide