According to ScamWatch, from January to September of 2022, False Billing Scams were the 2nd most commonly reported scam type in Australia and cost citizens almost $16 million.
There are a number of different scam types that fall under the umbrella of ‘false billing’, although the most damaging and costly are typically those that involve business email compromise (BEC). This is commonly the case for payment redirection scams, where a hacker will compromise an email account of one of your regular suppliers, or simply use their name and branding, and then send a message saying that they’ve updated their banking details and ask that you update them in your system for all future payments. These scams are often not picked up until the real supplier questions why they haven’t been paid.
Alternatively, the fraudster may send through a fake invoice which needs to be settled by the accounts department urgently. In some circumstances, these invoices are loaded with malware in an attempt to infect your device.
Invoice scams are especially common within the construction industry, partially due to the frequency of transactions between suppliers and builders. Last year, Xero conducted a study which revealed that almost one in five Australian small businesses had been a victim of invoice fraud. For small businesses with between five and 19 employees, the average cost of the fraud was $25,370 – a sum that many can’t afford to lose.
However, invoice fraud is a point of concern for all businesses, big or small. In 2019, Google and Facebook were both victims of invoice fraud by the same scammer, costing them $23 million and $100 million respectively.
Other cons that fall into the category of false billing, as defined by ScamWatch, include:
With these scams continuing to affect so many Australians year on year, ScamWatch has advised of the following warning signs:
In order to protect yourself and your business from false billing scams, you can take these steps:
If you believe you have fallen victim to a false billing scam, learn where to report it here.
Keep Your Business Protected
Prevention is always better than a cure, and the best defence is for your business to proactively boost its cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for your business to fortify.
No one vendor can stop all threats, so don’t leave your business exposed. If you are using Microsoft 365 or Google Workspace, you should also have third-party solutions in place to mitigate your risk. For example, you can use a specialist cloud email security solution like MailGuard to complement Microsoft 365.
For more information about how MailGuard can help defend your inboxes, reach out to our team at expert@mailguard.com.au.