You did what? How to avoid payment redirection scams
Paying bills and invoices is a regular day-to-day operation of any business and for the most part a straightforward task. Yet for a growing number of Australian firms, this simple transaction has unwittingly led to unfortunate losses.
Payment redirection scams cost local businesses $14 million last year, according to the Australian Competition and Consumer Commission, and average losses this year are trending more than five times higher. That’s just incidents reported to the commission’s Scamwatch service, so total losses are obviously much higher.
Scammers impersonate a business or its employees via email and request that legitimately owed money is sent to a fraudulent account. A scammer might use a staff member’s email address to send a customer “updated” bank details, which actually redirect payment to the scammer’s bank account. Also known as “business email compromise incidents”, these scams affect many types of businesses, large and small.
Scammers have requested an employee’s salary be paid into their own account, and impersonated a company president or treasurer, requesting staff to action payments for equipment or other business needs. Sometimes this involves “spoofing” – when scammers impersonate using a registered email address that is very similar to that of the genuine one.
Scammers tend to target new or junior employees, or even volunteers, and an increasing number of reports are coming from sports and community clubs that reported more than $55,000 in losses to such scams last year. It can be difficult to recover money lost to a payment redirection scam, so prevention and preparation is vital.
We can help you explore ways to defend against this growing threat and ensure your cover needs are being met to avoid being left out of pocket and restore peace of mind.
For example, Social Engineering insurance can be added to a cyber policy, providing cover when malicious actors trick an individual into taking an action such as giving away sensitive information, making a transfer of company funds or making purchases on their behalf.
We strongly recommend the following procedures be observed to mitigate the likelihood of this type of loss, which has been known to create confusion that can strain long-standing business relationships.
- Firstly, advise staff that they should not deviate from your organisation’s payment procedure, even if the request they have received appears to come from a senior manager or even the CEO.
- Whenever there is a request to change payment details, always check with the organisation using stored contact details rather than those in the requesting communication. Don’t email – pick up the phone and call.
- If a request creates a sense of urgency, avoid the temptation to rush. Instead, take the time to consider and check whether an email is real, including by looking carefully at the sender’s email address, before acting on instructions.
- Ensure staff are well trained in the company’s payment processes and are awake to the risk and prevalence of payment redirection scams.
If you have been the victim of a scam, contact your bank as soon as possible.
These types of scams are growing in number and size, and even with these procedures in place you should consider the protection that insurance can provide. If you would like and obligation free review of your insurances, contact us today.
This article originally appeared on Adroit Insurance & Risk Blog and has been published here with permission.
Advisr does not provide advice and does not hold a financial service license (AFSL). All information above has been provided by Adroit Insurance & Risk.