Invoice fraud: How to avoid email scams

A children’s charity is doubling down on educating staff after they were duped out of $45,000 in an invoice scam. 

The director of the charity, which cannot be named for confidentiality, was overseas and noticed her association’s bank balance was significantly lower than expected. 

She soon realised they had been scammed out of $45,000.  

"Our account director had received an email three days earlier, claiming to be from our co-director, requesting two offshore invoice payments be made via online banking,” the director said.  

“We were devastated because this was grant money from the government, it wasn’t business profits. This loss would dramatically hurt our charity projects.”  

The director of the charity quickly called Westpac NZ and told them that the transaction had been made in response to the fraudulent email to accounts payable.  

As the Westpac Financial Crime Prevention team were engaged immediately, they were able to contact other banks involved in the payment and retrieve the funds before they were sent offshore.  

Westpac’s Head of Financial Crime, Tiffany Ryan, says there is no guarantee that banks can refund the money every time though.  

Although Westpac will always endeavor to help our customers, “Ultimately the liability sits with the customer because they have authorised the payment to go through,” Ryan said.  

The charity’s director said they would be giving staff training in the wake of the near-miss. 

“We are really aware now that we need to double check payments and emails. We need to have measures in place and double check. 

The Westpac Financial Crime Prevention team suggest the following tips to help avoid invoice fraud.   

Grammar and language:  

• A lot of the time email scams won’t be written in grammatically correct English and they will usually say that a transaction needs to be made ‘urgently’.  
• Look out for expressions or wording that seems out of character for the author.  If you are unsure, call that person to double check the request 
• Scammers have been accessing business email accounts and sending invoices from what looks like an internal email address.   They email the accounts payable department, telling them to urgently make a payment to a bank account, but often their spelling and grammar is not well written.  

Double check account numbers:  

•  If you notice a supplier’s usual bank account details have changed, call them to confirm that the invoice is legitimate. 
• Make sure you call the supplier using the phone number you have on file, or look it up on their website or in the phone book. 
• Don’t call the telephone number on the email or invoice, as this will likely be the scammers phone number. 

 Update IT security:  

• Make sure your security is up to date on email accounts. Speak to an IT security analyst to verify that your systems are secure.  

Take immediate action:  

• If you believe you have fallen prey to a scam, call your bank immediately – even out of hours – so your bank can attempt to stop the payment where possible.   

 For more advice, please also refer to the NZ Police website. and Netsafe. 

Various types of frauds and scams are on the rise. To help New Zealanders stay safe, Westpac maintains a list of latest scams and frauds.