Bendigo Bank intercepts payment redirection scam, saving small business $900k
Bendigo Bank is helping small and medium-sized businesses across the country prevent and spot scams, sharing the story of a Victorian construction company that almost lost $938,600 in a false billing scam last month.
“In the financial year ending 30 June 2023, Bendigo Bank stopped $38.6 million in fraudulent transactions or around $105,000 per day, and this is just one occasion where we were able to stop a scam in its tracks,” said Head of Customer Protection, Jason Gordon.
In a recent, real scam case, a Bendigo Bank business customer in Victoria engaged the services of a local supplier for a routine job. On completion of the works, the small business emailed the construction company with draft invoices to verify that the amount payable was correct before formally requesting payment. Shortly after, an invoice reflecting the agreed amount was received, but with different banking details and a message on the invoice to explain a change:
‘Please ensure payment is made into the above bank details as funds paid into the old account will now bounce which could cause delays.’
As the invoice came from the business’s legitimate email account, was signed by the supplier’s Director and otherwise looked legitimate, the customer paid the invoice, thinking they were paying the vendor. Instead, that money was on its way to a criminal who had compromised the supplier’s email account and changed the receiving account details to redirect the payment.
The genuine supplier was vigilant and contacted the victim advising they hadn't received payment when expected, and it was at this time that both businesses spotted the discrepancy in the account details between the genuine and scam invoices.
The victim quickly contacted Bendigo Bank, and thanks to the quick actions of the Customer Protection team, $897,083 – more than 95 per cent of what was paid – was recovered.
“This example highlights the Bank’s strengthened ability to rapidly recover funds, and the importance of acting quickly when something doesn’t look or feel right. That said, prevention is better than the cure, so we urge customers to Stop, Think and Protect,” Mr Gordon says.
- STOP – Don’t give money or personal information to anyone if unsure. Scammers will offer to help you or ask you to verify who you are. They will pretend to be from organisations you know and trust like Services Australia, police, government, or a fraud service.
- THINK – Ask yourself: could the message or call be fake? Never click a link in a message. Only contact us, businesses or government using contact information from their official website or through their secure apps. If you’re not sure, say no, hang up or delete.
- PROTECT – Act quickly if something feels wrong. If you notice unusual activity or if a scammer gets your money or information, visit www.bendigobank.com.au/security to report it and get support.
“These scams so often start with vulnerabilities in email providers’ security controls that can be exploited by criminals. Bendigo Bank advocates for a true cross-sector approach to scams prevention, with a focus on controls and improvements at the origination of a scam, to stop it happening in the first place,” Mr Gordon says.
Business email compromise can happen when a criminal gains access to a business’s systems, including its email account. Businesses with up to 50 employees, such as lawyers, real estate agents, building companies and aged care facilities, are emerging as common targets for scammers.
False billing scams, particularly payment redirection through business email compromise and email impersonation, are on the rise, according to the National Anti-Scam Centre. False billing was the second most common scam type reported to Scamwatch, with Australians losing $16.2 million to payment redirection scams last year.
False billing, as seen in this example, is just one common scam associated with business email compromise, Mr Gordon says.
“It’s also common for scammers to impersonate a person in power within the compromised business to issue a directive to pay an invoice, change a worker’s banking details to that of the scammer, or place orders for goods without payment, for example,” he says.
Businesses looking to prevent their systems from compromise should ensure they develop and maintain good cyber security, and can enquire about Banking Safely Online sessions at their nearest Bendigo Bank branch.
Bendigo Bank launched its face-to-face education program to help customers safely navigate online banking in September 2023. Since then, more than one thousand Bendigo Bank customers and members of dozens of different community groups have become better equipped to navigate digital banking and protect themselves online.
Mr Gordon’s advice to business customers who may have fallen victim to a scam is to visit www.bendigobank.com.au/security immediately to report it and get support.