Online or Cyber fraud is "any type of fraud scheme that uses email, web sites, chat rooms or message boards to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme." (See AFP Link below)
As more and more business is done online, scammers are becoming more sophisticated and technologically astute to be able to divert funds from legitimate transactions.
At Accounting for Good, we have been working closely with a charity that provides services to other non-government organisations and to government. They recently provided services at an agreed and contracted fee of $20,000 and subsequently sent the invoice to their client. Somehow, the client was sent a follow-up email, purportedly from the supplier, with advice that the supplier had changed banks, and that the payment should be provided to specific bank account details. The client paid the $20,000 and only twigged to a problem when the supplier sought payment on the overdue invoice.
The funds were not seen again and, as they say, 'negotiations are continuing'.
Online scams can result in substantial financial loss, as well as possible damage to reputation, privacy and client services.
There were some red flags in the example above.
- The email purportedly from the supplier in fact was from a bogus and anonymous address. Email applications, such as Gmail, Outlook and Apple Mail, provide an option to view the "From" label in order to verify the true source of the email.
- The email text was poorly punctuated and the grammar was poor. While not all emails are in excellent English, it is highly unlikely that a service provider which sends invoices regularly would send unprofessional emails.
- The invoice attachment was a tampered version of the original email.
- The change in bank account details is the biggest red flag, and should have automatically triggered a phone-call follow up to the accounts department at the provider to verify the change.
Don't simply rely on your subscription to a security service. The above scam relied on humans and not software to make certain decisions. Due diligence is the key.
If you use Google Mail (Gmail), make full use of the Spam and "Spoof" filters. (Check these filters to ensure legitimate emails are returned to the Inbox.)
Scamwatch, a service of the ACCC reported on this type of scam. Check how it works here.
CEO, Accounting for Good
- The ACCC runs Scamwatch for the latest in trickery.
- The Australian Federal Police have issued a guidance around online fraud and scams. Link
- Australian Bankers Association Security and Fraud Prevention
- There is a growing number of insurance providers offering cyber-fraud insurance. Contact your insurer.