The SA Police has issued a warning to companies after a local business was scammed out of $1.5 million by offshore attackers masquerading as a supplier, having obtained sensitive business information through a targeted phishing campaign.
South Australian police suspect the scammers initially used an email phishing attack to identify the supplier-client relationship between the two companies.
After obtaining detailed knowledge of the client company’s work practices and suppliers, the scammers contacted the client company pretending to be the supplier, and said there had been a change to the bank account into which invoices were to be paid.
The scammers made contact with the victims through a number of channels, including phone calls, emails and letters featuring the supplier’s logo and signature, which may have been tailored using publicly available information.
The scammers then arranged for a ‘money mule’ in New South Wales to set up an Australian bank account to receive the funds, so no suspicions were raised within the target company’s accounts department. The mule forwarded the money to the cyber criminals' Asian base.
Police said two other companies had also reported similar false invoicing scam attempts, having been falsely billed for $117,000 and $347,000 respectively. In both of those cases, the funds were recovered before they left Australia.
Citing privacy reasons, the SA Police declined to disclose the names of the companies involved.
The force is warning businesses that receive phone calls, emails or letters from vendors notifying them about a change to their bank account details to treat the notice with extreme caution.
It urged companies that receive any change notices to phone a known contact within the supplier directly to confirm the request.
“I would say to any business, no matter what size, that alarm bells should ring if a supplier of services or goods contacts your organisation to provide new bank account details for you to pay money owed,” SA Police detective inspector Greg Hutchins said in a statement.
“Our investigation is ongoing in relation to this matter – and the company may get some of the money back – but it will not recover all the losses with the main scammers believed to be based overseas.”