Search for insurance help

You did what? How to avoid payment redirection scams

Business Insurance Cyber Insurance Small Business Insurance Shop Insurance Technology Sector Insurance IT Services Insurance

Paying bills and invoices is a regular day-to-day operation of any business and for the most part a straightforward task. Yet for a growing number of Australian firms, this simple transaction has unwittingly led to unfortunate losses.

Payment redirection scams cost local businesses $14 million last year, according to the Australian Competition and Consumer Commission, and average losses this year are trending more than five times higher. That’s just incidents reported to the commission’s Scamwatch service, so total losses are obviously much higher.

Scammers impersonate a business or its employees via email and request that legitimately owed money is sent to a fraudulent account. A scammer might use a staff member’s email address to send a customer “updated” bank details, which actually redirect payment to the scammer’s bank account. Also known as “business email compromise incidents”, these scams affect many types of businesses, large and small.

Scammers have requested an employee’s salary be paid into their own account, and impersonated a company president or treasurer, requesting staff to action payments for equipment or other business needs. Sometimes this involves “spoofing” – when scammers impersonate using a registered email address that is very similar to that of the genuine one.

Scammers tend to target new or junior employees, or even volunteers, and an increasing number of reports are coming from sports and community clubs that reported more than $55,000 in losses to such scams last year. It can be difficult to recover money lost to a payment redirection scam, so prevention and preparation is vital.

We can help you explore ways to defend against this growing threat and ensure your cover needs are being met to avoid being left out of pocket and restore peace of mind.

For example, Social Engineering insurance can be added to a cyber policy, providing cover when malicious actors trick an individual into taking an action such as giving away sensitive information, making a transfer of company funds or making purchases on their behalf.

We strongly recommend the following procedures be observed to mitigate the likelihood of this type of loss, which has been known to create confusion that can strain long-standing business relationships.

Firstly, advise staff that they should not deviate from your organisation’s payment procedure, even if the request they have received appears to come from a senior manager or even the CEO.
Whenever there is a request to change payment details, always check with the organisation using stored contact details rather than those in the requesting communication. Don’t email – pick up the phone and call.
If a request creates a sense of urgency, avoid the temptation to rush. Instead, take the time to consider and check whether an email is real, including by looking carefully at the sender’s email address, before acting on instructions.
Ensure staff are well trained in the company’s payment processes and are awake to the risk and prevalence of payment redirection scams.

Management Liability Insurance

Management Liability insurance is designed to provide protection to both the business and its directors or officers for claims of wrongful acts in the management of the business.

Details Get Quote

Business Insurance

A business insurance pack can provide cover for your business premises and contents, against loss, damage, theft or financial loss from an insured interruption to the business.

Details Get Quote

Business Package

Purchase up to six products under one Business Insurance Package.

Details Get a quote!

Firstly, advise staff that they should not deviate from your organisation’s payment procedure, even if the request they have received appears to come from a senior manager or even the CEO.
Whenever there is a request to change payment details, always check with the organisation using stored contact details rather than those in the requesting communication. Don’t email – pick up the phone and call.
If a request creates a sense of urgency, avoid the temptation to rush. Instead, take the time to consider and check whether an email is real, including by looking carefully at the sender’s email address, before acting on instructions.
Ensure staff are well trained in the company’s payment processes and are awake to the risk and prevalence of payment redirection scams.

If you have been the victim of a scam, contact your bank as soon as possible.

These types of scams are growing in number and size, and even with these procedures in place you should consider the protection that insurance can provide. If you would like and obligation free review of your insurances, contact us today.

cyber insurance

General Advice Warning: This advice is general and does not take into account your objectives, financial situation or needs. You should consider whether the advice is appropriate for you and your personal circumstances. Before you make any decision about whether to acquire a certain product, you should obtain and read the relevant product disclosure statement.

All information above has been provided by the author.

Adroit Insurance & Risk, ABN 75 078972 700, AFSL 244 348

This article originally appeared on Adroit Insurance & Risk Blog and has been published here with permission.