Invoice scam impacting the building industry

May 2016

ANZ has been made aware of a scam that is currently targeting the building/construction industry.

Fraudsters are gaining access to builder’s email accounts and are altering bank account numbers on invoices and then sending them to the builder’s client. The client pays what they believe to be a legitimate invoice, but it is really going to a bank account controlled by the fraudsters and is usually withdrawn before the fraud is noticed.

If you are paying invoices Netsafe provide the following tips:

  • Examine email sender details carefully, watching for similar domain names or characters that have been swapped for other letters.
  • Forward email responses instead of hitting ‘reply’ so you can type out the genuine email address for a supplier you communicate with.
  • Ensure staff handling payments are trained to recognise suspicious emails.
  • Put in place a ‘two person rule’ around signing off transactions and set transfer thresholds.
  • Confirm new invoice details with suppliers using a phone number known to you, not the one on a suspicious invoice.

If you are issuing invoices the following tips from Connect Smart may be useful to help prevent your email account being compromised:

  • Install adequate firewalls.
  • Keep your anti-virus software up to date.
  • Ensure your operating software is up to date.
  • Use strong or complex passwords (by including a range of upper and lower case letters, numbers and punctuation), particularly for your email and online banking.
  • Change these passwords regularly.

Remember: The bank account name and number cannot be matched or checked when processing payments.  There can be a legitimate bank account name, and an incorrect account number, so it is very important to check the bank account number is correct.

Further information can be found at the websites below:

If you receive an email requesting you to re-register or re-enter sensitive details, delete it immediately and notify the ANZ Internet Banking team on 0800 269 296 (international +64 4 470 3142) or you can report a hoax or suspicious email online.