Australians are being urged to check payment details directly with a business before paying an emailed invoice, following a rise in losses to payment redirection scams.

Last year, Australians reported losing $16.2 million to payment redirection scams. Despite the total number of reports to Scamwatch decreasing by 28 per cent, the total amount lost increased by 3 per cent, indicating that Australians lost significantly more money per scam last year compared to 2022.

“Scammers are sophisticated criminals and are becoming more targeted in how they exploit Australian consumers and businesses,” ACCC Deputy Chair Catriona Lowe said.

“These criminals are posing as genuine businesses that a consumer has recently dealt with, sending fake invoices with altered payment details so that the money ends up with the scammer.”

“This scam is hard to detect because the scammer will either hack into the email system of the business or impersonate the business’ email address by changing as little as one letter,” Ms Lowe said.

The most common industries targeted by this scam are traditionally those that regularly deal with large transfers of money, such as the real estate, legal and construction sectors. However, Scamwatch has received recent reports that car dealerships, travel companies and their customers have been targeted.

“We know of an Australian man who lost more than $35,000 after scammers compromised the email account of the car dealership he was buying a car from. After paying the deposit securely through the dealership’s official website, he received an email with an invoice for the remaining amount owed which he paid thinking it was genuine. When he went to pick up his new car, he found out that the invoice was a scam and the dealership had only received his deposit.”

The National Anti-Scam Centre held an industry forum recently to engage with the sectors being targeted by payment redirection scams and has shared Scamwatch reports with law enforcement.

“If you receive an invoice via email, take the time to call the business on a number you have found yourself to confirm that the payment details are correct,” Ms Lowe said.

How the scam works

  • You receive an email from a business you are dealing with and are expecting an invoice from.
  • You pay the invoice thinking that the payment is going to the business.
  • However, you are unaware that scammers have gained access to the business email account or changed the email address and modified the payment details on the invoice (BSB and account number). You make a payment to the scammer instead of the actual business.
  • You are unlikely to notice anything unusual until you receive a demand for payment from the business for an invoice you believe you already paid. 
  • If you respond to the email to query the change to the payment details on the invoice the scammer will respond justifying the change.  

Example of what the scam looks like

Example of a legitimate business invoice sent to a consumer alongside a scammer altered version of the invoice.

Protect yourself

STOP – Don’t rush to act. Take the time to call the business you are dealing with – using independently sourced contact details – to check the payment details are correct.

THINK – Ask yourself if you really know who you are communicating with? Scammers can make invoices appear legitimate by copying logos and ABNs. Scammers can send emails that appear to be from the business you have been dealing with – only changing banking details on invoices.

PROTECT – Act quickly if something feels wrong. If you have shared financial information or transferred money, contact your bank immediately. Help others by reporting to Scamwatch.

Report compromised systems to