A South Australian business has been the victim of a sophisticated scam series which led to it losing nearly $1.5m, police revealed today while issuing a warning to other companies.
Detective Inspector Greg Hutchins, the acting officer in charge of the SA Police Commercial and Electronic Crime Branch, issued a public alert today, noting that two other companies had reported similar scam attempts to police, but in both cases the money ($117,000 in one case and $347,000 in another) had been recovered.
“This is an elaborate scam in which the fraudster has obtained detailed knowledge of work practices and suppliers, but other businesses can avoid falling victim in a similar way by ensuring their finance areas have robust validation processes,” he said.
The police warning follows Consumer and Business Affairs issuing a reminder to all government agencies earlier this year urging staff responsible for financial transactions to be on alert following fraud attempts made on interstate government departments.
Similar scams, or attempted scams, have also been reported to police interstate.
Three scams were used to defraud the SA business of $1.45m – a ‘phishing scam’ in which details were obtained relating to an existing supplier; a ‘man in the middle scam’ in which they provided new banking details to the business while claiming to be that supplier and the use of a ‘money mule’.
Detective Inspector Hutchins said the scammers, armed with confidential information obtained from the ‘phishing scam’, purported to be a vendor and advised of a change of banking details for invoices to be paid. The victim paid an outstanding invoice, believing they were making a payment to the proper supplier, not to the scammers.
Detective Inspector Hutchins said the recent SA case had also involved an interstate money mule – which meant suspicion was not triggered in the victim’s accounts section because the money was being paid into an Australian bank account. However, this third party – the so-called money mule – then sent the money off-shore.
“These mules – who generally receive payment for allowing their account to be used – can face very serious charges,” he warned.
“They can be prosecuted for money laundering – which carries a maximum penalty of 20 years imprisonment.
“Anyone who allows their bank accounts to be used for the placement of cash by third parties, who they don’t know, and then disburses the money off shore should be aware that this is a commonly used procedure by criminal organisations and scammers to launder money.
“The fact the mule is being told to transfer money off-shore should raise significant alarm bells with the account holder.
“I would say to any business, no matter what size, that alarm bells should ring if a supplier of services or goods contacts your organisation to provide new bank account details for you to pay money owed.
“Our investigation is ongoing in relation to this matter – and the company may get some of the money back – but it will not recover all the losses with the main scammers believed to be based overseas.”
How to avoid being scammed:
* Treat phone calls, emails or letters from a supplier seeking a change to the bank account details you use to pay them, with caution.
* Use the correct, independently verified number from the supplier’s website, or the one you have on file, to call a known contact directly to confirm if the request is legitimate.
* If emailing, type the known email address in the ‘to’ section rather than replying to an email received – scammers often use a very similar email address but with a different suffix or domain name.
* Know that a BSB search, which can easily be done online, will reveal details about a bank account you have been asked to send to.
* Remember words you enter in the free text when conducting bank transfers have no bearing on the transaction – ie writing the name of the account holder does not mean it is that company’s bank account, it can belong to scammers posing as a company.
* Be aware that scammers have also been known to hack Chief Executive officers’ and managers’ email accounts, then send email authorisation to junior officers for the transfer of money into an account controlled by the offenders.
For further information visit http://www.scamwatch.gov.au or to report a cybercrime and online incidents which may be in breach of Australian Law this can be done through the Australian Cybercrime Online Reporting Network (ACORN) http://www.acorn.gov.au. Certain reports will then be directed to Australian Law enforcement and government agencies for further investigation.