Businesses are being urged to be on the lookout for email scams, with a rise in hackers targeting people with fake invoices.
Central Victorian farmer Rebecca Hamilton received an invoice for $24,000, which appeared to be from her regular supplier.
But it was Ms Hamilton’s caution that saved her from an expensive loss.
“Two invoices came across my desk with red writing stretched across the middle of them informing me that there’s been a change of bank account details,” Ms Hamilton said.
The Shelbourne wool producer called her supplier to check if they had changed their details.
“When I heard back from the supplier [and] it turned out they hadn’t changed their bank account, it set off alarm bells,” she said.
Livestock feed supplier Christina Fay said the invoice had come via her email address to Ms Hamilton’s.
However, she said, it seemed the hackers were able to intercept the email and change the details.
“When she sent me the invoice, for all intents and purposes, it was our invoice, it had all the correct information, except for the changed account details,” Ms Fay said.
Curium Legal owner Sarah Gee said she has seen businesses lose “insane” amounts of money to email scams in recent months, adding up to hundreds of thousands of dollars.
“I’ve seen fake requests generated by scammers from one member of a finance team to another in the same business,” she said.
“Fake requests for refunds from customers and scammers locking people out of their social media accounts when they’ve got huge followings.
“The level of sophistication we’re seeing from scammers at the moment, it’s almost impossible to detect.
“Many times businesses aren’t covered by insurance because they don’t have cyber insurance. And often there are gaps in cyber insurance even if they do have it.”
In the wake of the Medibank and Optus hacking scandal, the Bendigo lawyer said many business owners were increasing their cyber protection.
“It’s extremely stressful for business owners who are hacked, they’re worried about their duty of care to the customers and employees,” she said.
“Banks are then often taking 45 business days to know if the money can be recovered or not.
“It’s another thing to add to the rising costs of running a business.”
Advice on suspected scam emails
If you find yourself with a suspected scam invoice, Ms Gee had some simple advice.
“Don’t use the phone number in the suspected scam email to follow up,” she said.
“The scammers are including dodgy phone numbers too and it often goes to someone who speaks perfect English.
“Find the number for the business somewhere else.”