The Cyber Security Directorate, Office of the Chief Information Officer, has identified an ongoing financial fraud campaign where threat actors impersonate legitimate South Australian and Australian businesses. These actors are attempting to change contact and bank details in order to receive fraudulent payments.
Background
In this campaign, threat actors are sending emails that appear to be from trusted South Australian and Australian businesses, service providers, and vendors. These emails request updates to contact information, such as banking details, with the goal of redirecting payments to fraudulent accounts. The impersonators often follow up via phone to further legitimise their requests.
How the Fraud Works
The fraudulent emails typically contain a signature block that mirrors those of accounts receivable or finance staff from the impersonated companies. Additionally, they include the Australian Business Number (ABN) of the legitimate company to make their emails seem authentic. The impersonators may also request remittance advice or send fake invoices with alternative banking details after gaining trust.
Common Warning Signs:
- Changes in Email Address: Fraudulent emails may use slightly altered versions of legitimate business email addresses, often including extra letters like ‘pty’ or ‘au,’ or minor misspellings.
- Generic Messaging: Impersonators often avoid personalising their messages, addressing recipients with phrases like ‘Sir/Madam,’ ‘To Whom It May Concern,’ or ‘Team.’
- Urgency: Fraudsters frequently create a false sense of urgency, pressuring recipients with phrases such as ‘effective immediately’ or enforcing arbitrary time limits to prompt quick action.
How to Protect Your Organisation:
- Review and strengthen your organisation’s internal processes for updating third-party service provider information, especially regarding banking details and contracts.
- Always confirm any changes to payment details with your service providers using verified contact information. Never rely on contact details provided in the suspicious email.
- Ensure your team is trained to recognise red flags in potential financial fraud or impersonation scam emails.
- Report any suspected financial fraud attempts to your ICT Service Desk immediately.
Stay vigilant and proactive in safeguarding your organisation from these impersonation scams and financial fraud attempts.
Cyber security incident reporting
Department of Premier and Cabinet (DPC) is the Control Agency for Cyber Crisis for the Government of South Australia. As part of this role, DPC maintains a threat intelligence and cyber security function which supports incident, crisis and emergency management, which is called the Cyber Crisis Watch Desk.
For cyber security incident reporting, contact the Watch Desk on 1300 244 168 + 2 (24×7) or email watchdesk@sa.gov.au.
