Australian pair suffers $50,000 loss following receipt of a solitary email - prompting a pressing alert about a perilous fresh scam
In a tragic turn of events, a Melbourne couple, Kathy Winton and Mark Richter, lost $50,000 to a payment redirection scam while overseas. The scammers intercepted an email from their builder and tricked them into sending the money to a fake account [6].
The couple's ordeal began when the first instalment was sent without noticing the date on the form was wrong. The scammers seized the opportunity and sent a fake email claiming the bank account details had changed, which the couple mistakenly believed [1]. Eleven days later, another email claiming a second payment was due followed, but unfortunately, the money was already gone [2].
The pair spent hours on the phone to ANZ from overseas trying to report the fraud, only to be disconnected multiple times and transferred between departments [7]. Upon returning to Australia, they discovered the bank had quietly closed the investigation [8]. ANZ offered them $750 'out of goodwill', which they found insulting [5].
ANZ told Daily Mail Australia it could not comment on the couple's case while it was before the Australian Financial Complaints Authority (AFCA) [3]. The AFCA sided with ANZ in a preliminary determination but accepted a court-enforceable undertaking from the bank to fix weaknesses in its risk management and culture [9].
The offline form process used by ANZ was a significant contributing factor to the scam. The process lacked a mechanism to lock in a BSB and account number, exposing customers to fraud, according to Ms Winton [10].
Payment redirection scams are a growing concern in Australia, with Australians losing $152.6 million to such scams last year, up from $91.6 million in 2023 [4]. These scams are the third most costly scam type after investment and romance fraud [1].
To prevent such scams, banks can implement several safeguards. These include Multi-Factor Authentication (MFA), verifying change requests through secondary channels, avoiding relying on emails alone for payment instructions, automated verification against legitimate databases, real-time fraud warning alerts, employee training and awareness, secure account settings, and monitoring for anomalies [1][2][3].
By combining technological tools with procedural controls and secure account hygiene, banks can form a robust defense against payment redirection scams in online banking transactions [1]. It is crucial for banks to prioritise their customers' security and implement these safeguards to protect them from falling victim to such scams.
- In light of the Melbourne couple's financial loss due to a payment redirection scam, it is essential for banks to prioritize their customers' security, implementing safeguards such as Multi-Factor Authentication, verification through secondary channels, and real-time fraud warning alerts to prevent similar incidents in the banking-and-insurance industry.
- The recent increase in payment redirection scams, costing Australians $152.6 million last year, underscores the need for banks to strengthen their risk management and culture, as shown by ANZ's enforcement undertaking.
- Industry experts and victims, like Kathy Winton, have highlighted the need for banks to improve their online processes, including locking in BSB and account numbers to protect customers from fraud in general-news and crime-and-justice matters.
