Scammers are getting smarter, and businesses are paying the price. Payment redirection scams cost Australian businesses millions every year: in 2022 alone the figure was $224 million, with small and micro-business losses increasing by 95% from the previous year. A recent Western Australian court ruling has made one thing clear: businesses must take proactive steps to protect themselves, or they could bear the financial burden of fraud.
Payment redirection scams occur when cybercriminals intercept invoices or payment details and trick businesses into sending money to fraudulent accounts. These scams typically involve compromised emails, impersonation, and subtle changes to payment details. Scammers often gain access through business email compromise, where they infiltrate or spoof legitimate email accounts to deceive recipients. Once the money is transferred, it often vanishes overseas, making recovery nearly impossible.
In a landmark case, a Western Australian court ruled that businesses must verify payment details before making transactions. A contractor was scammed out of $190,000 after fraudsters gained access to their email system and provided false bank details to a client. Despite some attempts at verification, the court found that the business did not do enough to prevent the fraud. This ruling sets a precedent—if you fall victim to a payment redirection scam, you may still be liable for the original payment.
Scammers use various tactics to infiltrate business systems:
Just as gold must be tested for authenticity, every payment request should undergo strict verification. Here are key steps to safeguard your business:
Never change payment details based on an email alone. Call the supplier using a trusted phone number to confirm any changes. Use secure communication channels for transmitting sensitive financial information.
A strong lock on your email account is crucial. Use multi-factor authentication (MFA) to add an extra layer of security and prevent unauthorised access.
Educate staff on common scam tactics. If an email urges immediate payment or contains subtle changes in account details, treat it as suspicious.
A simple password is like a cheap lock—it won’t keep criminals out. Use long, unique pass-phrases to strengthen security.
Introduce internal approval processes for high-value transactions. A second level of authorisation can stop scammers in their tracks.
Regulators are pushing for Australian banks to introduce a confirmation of payee system, which will help verify recipient details before transactions go through. While this initiative is promising, it has not yet been fully implemented in Australia. Businesses should not rely solely on banks for fraud prevention but must take proactive internal measures to safeguard their financial transactions.
If you suspect a payment redirection scam, report it immediately to the Australian Taxation Office (ATO) and Scamwatch. The ATO provides guidance on how to verify or report a scam, ensuring that other businesses do not fall victim to similar frauds.
Gold reserves are guarded with extreme care—your business funds deserve the same level of protection. Cybercriminals are always looking for their next victim, but by staying informed and implementing robust security measures, you can keep your business safe.
At DJ Grigg Financial, we help businesses navigate financial risks, including fraud prevention. Contact us today for expert advice on safeguarding your finances.