How an email stole $128m from Aussie businesses

Jessica Yun, Yahoo Finance

Australian businesses lost $128 million by falling victim to fake payment emails last year as the financial damage of scams continues to escalate.

False billing was the most common scam reported by small businesses, making up three quarters of all losses to businesses.

But it was a specific type of fake billing scam, called payment redirection scams or business email compromise scams, that hit small businesses hardest.

In these scams, the cyber-criminal pretends to be a business or an employee and requests that an upcoming payment be directed to a fraudulent bank account.

These scams resulted in $14 million in losses and were reported by 1,300 businesses.

The damage from this type of scam has nearly tripled since 2019, when only 900 businesses reported it and losses were $5 million.

Scammers have profited in the wake of the pandemic, capitalising on heightened emotions and high demand for essential products or services, such as getting vaccinated.

“One thing we know about scammers is that they will take advantage of a crisis,” said ACCC deputy chair Mick Keogh.

In one instance, online criminals targeted farmers wanting good deals on tractors and farm machinery and advertised equipment at very low prices but advised farmers they could not see the machinery before purchasing because of COVID restrictions.

Farmers fooled by the scams paid a total of $1.1 million for equipment that never existed.

Health and medical businesses were also popular targets of scammers, with these businesses fleeced of $3.9 million as they bought what they thought was personal protective equipment.

In total, Australians lost more than $851 million to scams last year, with the true figure estimated to be even higher as many people don’t report being affected by scams.

Victorians were hardest-hit by scammers in 2020, having undergone several lockdowns over the year.

Scammers also fleeced people out of their funds by pretending to be from apps and organisations like Tinder and the Australian Taxation Office.

What should I do if I’m the victim of an email scam?

If you’ve been hit by a fraudulent email, the most important thing to do is protect your identity.

“Change your passwords immediately. This goes for all email and other online accounts, including bank accounts, utilities, online retailers, and so on,” security provider Norton states on its website.

Scamwatch also advises Australians to let their bank and financial institution know immediately if they think they’ve provided their details to a scammer.

Additionally, update all your technology software to the latest version.

If you think you’ve been the victim of identity theft, you can get advice from national security and cyber support service line IDCARE on 1800 595 160 or their Cyber First Aid Kit.

How can you get the money back?

Your first point of contact should be your bank: the Australian Cyber Security Centre states that most banks will cover losses if someone makes unauthorised transactions in your account, “as long as you have protected your client number and passwords”.

The sooner you let your bank know, the better, according to the government’s MoneySmart platform.

“You are likely to get your money back if it is still in the recipient’s account and if you report it to your bank within 10 business days, after 10 business days (but it will take longer to get your money back), [or] after seven months (if the recipient agrees to the refund).”

Jessica Yun is a Sydney-based journalist covering personal finance, economy, the gig economy, property, retail, workplace and career issues.