Financial Scams on the Rise

False billing scams are a growing threat in the Australian business landscape. These scams involve businesses receiving fake notices of changed bank account details, or invoices that have been altered to have the scammers’ bank details.

There is often confusion around who is liable in these situations. For example, a supplier’s system is breached and the attacker uses the breach to send customers legitimate invoices that have been altered to include fraudulent payment details. The customers then pay the legitimate invoices, but they pay to the fraudulent account. What happens now? Who is liable?

This exact scenario has recently unfolded and an Australian court has ruled on the matter, providing a precedent for how this will be handled in future.

Reality of False Billing Scams

The WA District Court recently ruled on a case involving the supplier, Mobius, and the customer, Inoteq.

Mobius invoiced Inoteq for $235,400 worth of work. After the invoices were sent a hacker was able to gain access to the email account of Mobius’ director. The hacker sent an email to Inoteq requesting that all payments should be made to a new bank account. Inoteq were suspicious of the changed bank details and replied to the email requesting confirmation. Unfortunately, since the Mobius email account was compromised the hacker was able to confirm the details and Inoteq subsequently paid the amount to the fraudulent account.

The hacker therefore had $235,400. Inoteq believe they paid as requested by the company and Mobius say they were not paid. Depending on the perspective both are true, so who is out of pocket?

In this case, the court found that Inoteq did not take sufficient steps to protect themselves. The judge ruled that they should have called the supplier to confirm the change rather than send a very large amount of money based on the contents of an email. The court ruled that Inoteq would be required to pay the outstanding amount.

Key Takeaways for Small Businesses

This incident underscores the importance of verifying invoice details before making payments and implementing robust verification processes.

  • Always verify any changes to bank or invoice details through a phone call to your supplier, as email communications can be intercepted by hackers.
  • Ensure your email systems are secure by implementing MFA and using safe password practices.

By taking these precautions, you can safeguard your business from falling victim to similar scams and avoid the serious financial and legal repercussions that come with them.

Fortify Your Cybersecurity

To find out more about email and financial security measures for your business, contact the Synapse IT team.

Source: Scammed company Inoteq ordered to pay $190k to Mobius Group after paying fraudulent invoice – ABC News