Background

Scamwatch is warning Australians to watch out for fake email invoices.

Scammers pose as a real business you've recently dealt with. They send fake invoices with changed payment details, so your money ends up with the scammer.

People booking travel and buying cars have recently suffered more of these scams, but they can affect any type of business. 

Scammers make these invoices look real by copying business logos and ABNs, making the scams harder to spot.

Always check payment details directly with a business before paying an emailed invoice. 

How to spot the scam

Fake invoice scams are hard to spot. This is because:

  • the scammer will hack the business' email system or impersonate their email address
  • a fake invoice looks real and may have the business logo and ABN
  • the email might look just like other emails from the business, and may appear in the same email or conversation history.

You need to check the fake invoice against a real business email or invoice. A fake invoice has different payment or banking details, or a different BSB and account number to the real business.

How one couple lost over $800,000 to a fake invoice scam

Example of scam invoice: Scam invoice is set out in the normal format of an invoice, for a property settlement amount of $883 093.90 broken down into account components. Account details of the scammer's bank account have been provided in place of the real bank account details. There is a large red SCAM stamp across the fake business invoice. Personal details are blacked out.Click to enlarge

A couple lost more than $800,000 to a scammer pretending to be their solicitor while they were finalising settlement of a property:

'I was emailed transfer details to complete the funds transfer before a property purchase.

The email came from my solicitor’s legitimate email address. The bank details provided were incorrect, unbeknown to me.

I received a confirmation email from my legal team confirming receipt of funds, but it went to a scammer instead.'

How the scam works

  • You get an email invoice from a business you've been dealing with.
  • The email comes from the real business email address, because scammers have accessed their systems - or the business email address has slightly changed.
  • Scammers have changed the payment details on the invoice, directing your money to a fraudulent account.
  • If you reply to the email to ask about the payment details, the scammer will respond, 'explaining' the change.   
  • Using the payment details on the fake invoice, you pay the money.
  • Your payment goes through, but your money goes to the scammer's account - not the real business you think you've paid.
  • You don't notice that anything is wrong. Then the real business contacts you, asking for the money you've unknowingly paid to the scammers.

Find out more

Fake business invoice scams (or payment redirection scams) are impersonation scams.

Scammers pretend they are from the police, government, banks or well-known businesses. 

They use technology (or 'spoofing'), so their call seems like it's from a legitimate phone number.

Their texts or emails might be in the same message thread as the real organisation.

Always ask 'who's really there?'. Find out more about impersonation scams, what to look for and how to protect yourself.

Protect yourself

STOP – Don’t rush to act. Take the time to call the business you are dealing with – using contact details you've found independently – to check the payment details are correct.

THINK – Ask yourself if you really know who you are communicating with. Scammers can make invoices look like the real thing by copying logos and ABNs. Scammers can send emails that look like they're from the business you've been dealing with – only changing the banking details on the invoice.

PROTECT – Act quickly if something feels wrong. If you have shared financial information or transferred money, contact your bank immediately. Help others by reporting the scam to Scamwatch.

Report business email fraud to the Australian Cyber Security Centre

If you've been affected

  • If you have lost money, contact your bank or financial institution immediately.
  • Contact the platform you were scammed on and let them know about the scam. 
  • Help others by reporting scams to Scamwatch.
  • Tell your friends and family: it helps to share your experience, they can support you and you can help protect them from scams.