Over the years we’ve seen a lot of online scams and they’re getting more and more sophisticated.
One of the older scams is the “Our bank account details have changed” scam.
How it works is deceptively simple.
Here’s what happens:
- Customer’s mailbox is compromised, and Bad Guy monitors it
- Customer receives an invoice from a supplier
- Bad Guy downloads the original invoice, and then deletes the email
- Bad Guy fakes a new email to Customer with a modified invoice, highlighting that banking details have changed (Might be presented as a followup email, like “sorry for incorrect invoice, here is the correct account number to use” instead of replacing the original email)
- Customer pays to Bad Guys account details, and figured that was that
- Fraud is later revealed when supplier follows up with Customer because invoice hasn’t been paid
How to avoid this con
Firstly, be aware of it.
If a supplier ever tells you via email their bank account details have changed, be sure to ring the supplier (not using the phone number on the invoice or the email)
Above all, be vigilant and skeptical that anything can be a scam.
Reporting & More Info
You can also report to ACCC: https://www.scamwatch.gov.au/report-a-scam but that won’t help in recovering money or tracking them down.
This is sometimes referred to as a payment redirection scam.https://www.scamwatch.gov.au/types-of-scams/buying-or-selling/false-billing
Using information they have obtained by hacking your computer systems, a scammer posing as one of your regular suppliers will tell you that their banking details have changed. They may tell you they have recently changed banks, and may use stolen letterhead and branding to convince you they are legitimate.
They will provide you with a new bank account number and ask that all future payments are processed accordingly. The scam is often only detected when your regular supplier asks why they have not been paid.