When *Julia’s cleaning supply company received an email from a supplier, notifying them of a change of bank account, along with a $50,000 invoice to pay, nothing seemed suspicious.
“The email came from the supplier’s correct email address, so it looked genuine,” Julia said.
“They told us to make the payment of $50K to a New Zealand bank account so we logged the payment.
“We didn’t even know there was an issue until the Westpac NZ Fraud Team contacted us and told us the transaction was blocked.
“They had stopped the payment from going through, so it was never made,” she said.
Westpac’s fraud team had already frozen this particular scammer’s bank account and were looking into their activity due to a previous transaction that had alerted the bank.
Business invoice fraud is the third most common form of online crime in New Zealand and the leading for scam losses in the U.S., according to an FBI annual report.
“The typical pattern is that the criminal gets access to the business email account, waits until an invoice is actually being sent out, and then edits the account number on the invoice,” Westpac’s Fraud Team says.
“Everything looks legitimate, so it is not uncommon for this type of fraud to go entirely undiscovered until months later, when the company who had their email account hacked, realises they haven’t been paid.
“The only way to avoid it is to contact the payee, obviously not via email, and normally you have to look up their number in the white pages because often the scammer will change the contact details on the email invoice too.
“It sounds like a lot of extra work, but if it stops you losing $200,000, it is a worthwhile phone call to make,” the Fraud Teams says.
Julia says her business has increased their security settings, so no one is authorised to do email forwarding.
“With any request to change bank account details or contact details, we also now have to physically check and verify with the supplier before changing them for payment,” she said.
*Name changed to Julia to protect her identity