Bunnings impersonation scam: A warning for finance leaders

How the impersonation scam works

Fraudsters create professional-looking fake websites and emails, using branding, logos, and links that mirror real businesses. They then lure victims— both individuals and businesses— into purchasing non-existent investment products.

• Fake investment bonds – Scammers claim to offer high-return, government-backed investments from reputable companies.
• Sophisticated website cloning – They set up fake domains and search-engine ads to make their scams appear in legitimate searches.
• Professional-looking emails and cold calls – Victims may receive official-looking documents and be pressured into making quick investment decisions.

One recent case involved scammers impersonating Bunnings, promoting fake sustainability bonds with returns of up to 9%. The fraudulent scheme claimed investments were backed by Bunnings and government finance regulations. ASIC has since taken down the fake Bunnings websites, but the risk of similar scams remains high.

Why this matters for finance teams

These impersonation scams go beyond individual investors— they can also target businesses, convincing finance teams and decision-makers to engage in fraudulent investments or payments. Risks include:

• Fraudulent investments – Businesses seeking corporate investment opportunities may fall for well-branded scams.
• Supplier and vendor impersonation – Scammers may mimic trusted suppliers to trick AP teams into transferring funds.
• Reputational damage – A business that unknowingly promotes or engages with fraudulent schemes could face reputational fallout.

How to protect against impersonation scams

• Verify all investment opportunities – Check the ASIC register to confirm legitimacy.
• Watch for cloned websites – Ensure URLs and contact details match the official business site.
• Educate finance teams – Train employees to recognise impersonation scams, fraudulent investments, and supplier fraud tactics.
• Strengthen payment approvals – Use multi-step verification before approving large investments or supplier payments.

What to do if you’re targeted

• Stop – Don’t transfer funds or share details until verifying legitimacy.
• Check – Contact ASIC or the business’s official contact channels to confirm authenticity.
• Protect – If funds have been sent, contact your bank immediately and report the scam to Scamwatch.

If you’ve provided personal details, contact IDCARE on 1800 595 160 for identity protection assistance.

Warning from the National Anti-Scam Centre

The NASC is actively working with ASIC to shut down impersonation scams, but new ones emerge regularly. Finance leaders, AP teams, and CFOs must be cautious of fraudulent schemes posing as trusted brands— whether in investment scams, supplier fraud, or fake financial products.

For more details or to report a scam, visit Scamwatch.