Invoice Scam in region
This is a problem which has affected a local business in the region. It may pay to re-visit your payment systems with invoicing that is sent to you by email. Why? Click and have a listen to Senior Constable Stephen Smith
Fake invoicing scam targets Mackay business
Business owners and residents of the Mackay police district – welcome to fake invoicing! Last week we witnessed a variation to this scam which has not previously been reported to us before in our district.
To assist with understanding how this scam works, let’s use the following terms. The business involved will be referred to as B1. The customer involved will be referred to as C2.
B1 and C2 have done business together for a lengthy period. When it is necessary, B1 sends an email invoice to C2 which is then promptly paid. These invoices can relate to moderately large amounts of money (between $10,000 – $15,000).
B1 sends an email invoice to C2 – the invoice is contained in an attached PDF file. This email is not immediately received by C2 – it is redirected as a result of malware (malicious software) to another account. The PDF invoice document is accessed by an external person (crook), the account number and BSB numbers are changed to reflect another bank account altogether which is not linked to either party. The email is then forwarded on to C2 with the new and updated details, including the new email account used by the crook as the senders details.
C2 pays the outstanding amount into the updated account – this money goes directly to the crook and not B1.
Do you send or receive invoices by email? This is not an altogether easy issue to protect yourself against but here are some tips which may help:
- Do you have a record of account and BSB numbers for any business that you receive email invoices from? Keeping a record of these numbers allows you to spot any anomalies – if you spot any thing suspicious, contact the relevant business by phone in response.
- Altering a PDF document will cause a reduction in picture quality. If you notice anything unusual in a received email invoice regarding picture quality – once again – contact the business by phone in response.
- Be wary of business invoice emails which contain obvious poor grammar/English, spelling mistakes, use of old business logos or contact details.
- Malware which redirects emails to an external email address is often introduced to a system by phishing. Install and maintain your anti-virus system to fight against this occurring.
- It’s great to have technology working for you the way an anti-virus does, but you likely also have staff working for you as well. Keep your staff up to date with on-line issues, their scrutiny may save your business much heart-ache.
- Don’t feel confident using email invoices any more? Consider using the age-old fax machine, Australia Post or a telephone call and speaking to someone that you know and trust.
Finally and most importantly – if you have been impacted by a fake invoice scam, report the matter. Somewhere on the planet is a person sitting at a keyboard who is receiving and likely using your hard earned money. Don’t give them a free swing at crime. Fake invoice scams can be reported through the Australian Cybercrime Online Reporting Network (ACORN).
We remind residents of the Mackay police district that you can learn more about scams happening around Queensland, learn how to protect yourself against these scams and appropriate reporting options through accessing the R U in Control? campaign.
More information on the R U in Control? campaign can be found at www.myPolice.qld.gov.au/incontrol