The Hume Police District is calling on the community and businesses to be aware of a sophisticated scam involving invoice and account payments.
The scam occurs when a hacker gains access to a business's email accounts or duplicate a business's email, so their emails appear to come from the company. The hacker then sends emails to customers claiming that the business's banking details have changed and that future invoices should be paid to a new account. These emails look legitimate as they come from one of a business's official email accounts. Payments then start to flow into the hacker's account.
This is a very sophisticated scam, which is why many customers and businesses only realise they've been caught out once it's too late. It means both the customer and business are financially impacted.
The Hume Police District Police need businesses to urgently review how they verify and pay accounts and invoices as reports of business email compromise have significantly increased.
The scam targets all kinds of businesses, including construction, charities and local sporting clubs. There is a misconception these scams target just small business, however the largest amount of reports and losses came from medium sized businesses, including one that lost more than $300,000, according to the Australian Competition and Consumer Commission (ACCC).
Customers and businesses should also check directly with their supplier if they receive notice of a change in account details. It is vital people don't do this just by return email or using other contact details provided. Find older communications to ensure you have the right contact details or otherwise independently contact using methods such as a telephone call or visit, so they can be sure they're not contacting the scammer.
Anybody affected by this scam should contact their financial institution immediately and consider professional IT advice to ensure their email systems and data are secure from hackers.
More information about this and other scams can be found on the ACCC website: https://www.scamwatch.gov.au