ACCC Warns Consumers of Fake Business Invoice Scams

phishing, scam, website-7100899.jpg

Australians are being urged to check payment details directly with a business before paying an emailed invoice, following a rise in losses to payment redirection scams.

Last year, Australians reported losing $16.2 million to payment redirection scams. Despite the total number of reports to Scamwatch decreasing by 28 per cent, the total amount lost increased by 3 per cent, indicating that Australians lost significantly more money per scam last year compared to 2022.

“Scammers are sophisticated criminals and are becoming more targeted in how they exploit Australian consumers and businesses,” ACCC Deputy Chair Catriona Lowe said.

“These criminals are posing as genuine businesses that a consumer has recently dealt with, sending fake invoices with altered payment details so that the money ends up with the scammer.”

“This scam is hard to detect because the scammer will either hack into the email system of the business or impersonate the business’ email address by changing as little as one letter,” Ms Lowe said.

The most common industries targeted by this scam are traditionally those that regularly deal with large transfers of money, such as the real estate, legal and construction sectors. However, Scamwatch has received recent reports that car dealerships, travel companies and their customers have been targeted.

“We know of an Australian man who lost more than $35,000 after scammers compromised the email account of the car dealership he was buying a car from. After paying the deposit securely through the dealership’s official website, he received an email with an invoice for the remaining amount owed which he paid thinking it was genuine. When he went to pick up his new car, he found out that the invoice was a scam and the dealership had only received his deposit.”

The National Anti-Scam Centre held an industry forum recently to engage with the sectors being targeted by payment redirection scams and has shared Scamwatch reports with law enforcement.

“If you receive an invoice via email, take the time to call the business on a number you have found yourself to confirm that the payment details are correct,” Ms Lowe said.

How the scam works

  • You receive an email from a business you are dealing with and are expecting an invoice from.
  • You pay the invoice thinking that the payment is going to the business.
  • However, you are unaware that scammers have gained access to the business email account or changed the email address and modified the payment details on the invoice (BSB and account number). You make a payment to the scammer instead of the actual business.
  • You are unlikely to notice anything unusual until you receive a demand for payment from the business for an invoice you believe you already paid. 
  • If you respond to the email to query the change to the payment details on the invoice the scammer will respond justifying the change.  

Example of what the scam looks like

Example of a legitimate business invoice sent to a consumer alongside a scammer altered version of the invoice.
Two email examples demonstrating the invoice impersonation scam. Identifying details have been covered in red blocks. The legitimate email (left) and the scam email (right) look very similar but the legitimate email has a BPay option in addition to a direct deposit option and has also included a list of credit card surcharges relating to public holidays. Apart from that difference the content appears to be identical.

Above is a media release by and from the ACCC (4/04/4024). The original media release can be found here (