I received this notification from my bank recently, and it’s very good advice that really needs to be passed around.
It is critical when changing a BSB and Account Number at the request of an email from a supplier, colleague or known associate that you always verbally validate this request.
Avoid financial loss to your organisation by ensuring users who update/modify payee information in your business banking profiles, or accounting software, always act on this security advice.
We recommend using a trusted phone number, such as one located on a company website. Confirmation via email is not a secure way to validate changes.
Scammers pose as executive staff members, suppliers, employees or regular payees to lure you into making these changes without validation.
The Australian Competition and Consumer Commission (ACCC) reported in April 2019 that over $60 million was paid to scammer accounts during 2018 from scammers requesting account changes, with reports increasing in 2019.
This advice goes hand-in-hand with my last post on passwords – I’ve had a couple of clients get phished recently and they were nearly caught out by a scammer changing bank account details on an invoice.
If a client or supplier contacts you via email and asks you to change their banking details, or you receive an invoice and the bank account details are different to what you have used previously, or they’re in a different font (pay attention, small details matter!), then use another method of communication, one that’s not email, to verify these details with the other party.
It only takes a few minutes to double-check their bank details; it takes far longer than this to try and undo a transaction to a scammer’s bank account.