Invoice Redirection Fraud;
Fitzpatricks Real Estate will never change our bank account details.
Many Wagga businesses have been targeted in recent times. Unfortunately email scams impersonating businesses are now a common occurrence in our everyday digital lives. The most common way is by “changes of account details”. The main thing to note is that; a reputable business will never suddenly tell you via email, in a business transaction, that they have changed their account details.
If you ever receive an email saying that account details have changed, than it is highly likely to be a scam. Do not respond, even if the email is from a known person or business that you have recently been corresponding with. Instead, pick up the phone and call the sender, however do not call using the phone number on the email or invoice, rather look up their phone number through another official source, such as the businesses website. Then have an IT professional look at your device to ensure it is clear of any malicious activity.
The breach of security is usually at the recipients end who
are likely to have less security measures in place, therefore it is a difficult
problem for businesses to avoid.
If making a large transaction, it’s always best practice to phone the business
and verbally confirm the account details.
When reviewing any invoice it’s important to note if:
- It was sent from a slightly altered email address.
- Alterations on invoices including low quality graphics or mismatched fonts.
- Spelling and grammatical errors.
- Unusual amounts or descriptions of products and services.
- Different bank account details or ‘how to pay’ information from previous invoices.
- ALWAYS verify any bank account changes by phone using pre-existing phone number (known to you, not on the invoice).
At Fitzpatricks Real Estate we take cybercrime seriously. If
in doubt get in touch using this phone number 02 69211 555.
For more information on scam emails we recommend you read this article:
https://www.cyber.gov.au/acsc/view-all-content/threats/phishing