False billing scams hit Aussie businesses amid 2023 fraud spike

Catherine Chipeta

The overall population saw a decline in financial losses due to scams in 2023, but Australian businesses are facing greater losses, with false billing scams increasing across the board, according to the ACCC’s latest report.

While reported losses to the overall Australian population are down 13.1% to $2.74 billion in 2023, the numbers for businesses paint a different picture, with reported losses of $29.5 million, a 27.2% increase from 2022.

This increase in business losses is in part due to fraudsters’ use of more sophisticated attack methods, such as false billing scams, that are catching even the most cyber-aware off guard.

Businesses lost $11.8 million through false billing scams in 2023, up 37% from 2022, while false billing losses across the overall population reached $28 million, a 10.6% increase from 2022. This upward trend across both groups indicates the need for finance leaders to proactively improve their fraud detection controls.

What is a false billing scam?

False billing scams occur when fraudsters impersonate legitimate businesses and trick victims into sending money to the wrong bank accounts. There are several ways that fraudsters can pull off this type of attack, with fake invoices being a common weapon of choice.

Bank fails to intercept $80,000 false billing scam

In one recent false billing case, a tour operator’s client sent $80,000 to a fraudster who impersonated the operator’s business through fraudulent emails with slightly modified details.

The fraudster sent a fake invoice to the client, which looked like a legitimate invoice from the company but had different bank account details. Despite this discrepancy, the bank allowed the transfer to go through to an account number that didn’t match the name the account was under.

False billing scams remain a regulatory blindspot in Australia

In November 2023, the Australian Banking Association announced the Scam-Safe Accord, which “sets an even higher standard of protection by banks to shield consumers from scammers” and is expected to roll out across 2024 and 2025.

Despite banks signing on to these voluntary measures, which include cross-checking account names, Australia is yet to enforce anti-scam regulation to keep industries, including finance, telecommunications, and online platforms accountable when fraud hits — a move backed by the Australian Competition and Consumer Commission (ACCC).

5 ways to protect against false billing scams

1. Implement multi-layered verification processes

When a supplier’s account details or payment instructions change, verification should pass through several AP team members to ensure no payments go through without receiving multiple approvals.

Finance leaders should also aim to standardise the verification process by ensuring adequate cross-checks are in place to verify changes in details against existing information and trusted information sources.

2. Train and upskill your AP team

General security awareness training is no longer enough to stop payment fraud in its tracks. Beyond deleting suspicious emails, using secure Wi-Fi networks, and switching on multi-factor authentication (MFA), your AP team needs specific expertise to detect the subtle yet critical signs of fraud. Examples of required caller skills include detecting verbal inconsistencies and knowing how to question a supplier during onboarding or when updating details.

3. Check every payment

Verifying supplier details during onboarding isn’t an evergreen control. Your AP team must cross-check details for every payment, as fraudsters can hack seemingly legitimate systems at any stage across the payment lifecycle.

4. Stay up-to-date on the latest scam tactics

As businesses and individuals become more aware of signs of phishing, ransomware, and other cyber threats, fraudsters are turning to more sophisticated scam tactics. Australians face a cyberattack every six minutes. Finance leaders should ensure their teams are aware of the latest threats across the cyber landscape and aim to continuously update threat identification and mitigation processes accordingly.

5. Leverage a payment protection solution

Performing all the necessary cross-checks required to verify details during every payment is a time-consuming process. While a single check can be all it takes to intercept fraud, dedicating sufficient time and resources for every payment proves difficult, especially during peak times like EOFY.

Payment protection solutions, like Eftsure, eliminate the tedious manual verification process by cross-checking against a database of trusted information sources. Automating this process frees up more time for your AP team to focus on meaningful tasks while maintaining a standardised process for supplier payments.
