Payment redirection scams cost Australian businesses $128 million in 2020

Payment redirection scams are the most common type of false billing scam impacting small businesses. These scams target a large range of businesses, including real estate, construction, law, recruitment, sports and community clubs, and universities.
According to the ACCC’s latest Targeting Scams report, payment redirection scams were the most financially damaging scams for Australian businesses in 2020. Combined losses for these scams reported to Scamwatch, other government agencies, banks and payment platforms totalled $128 million last year.
Reports to Scamwatch show that Australian businesses lost $18 million to scams in 2020, a 260 per cent increase on losses reported in 2019.
“Small and micro businesses made most of the reports to Scamwatch and experienced an increase in losses in 2020, although larger businesses reported the highest losses,” ACCC Deputy Chair, Mick Keogh, said.
Based on Scamwatch data alone, false billing scams were the most commonly reported scam by businesses and accounted for three quarters of total losses to businesses. Small and micro businesses accounted for almost 60 percent of these false billing reports.
There are a range of false billing scams, but the most common type was payment redirection scams, also known as business email compromise (BEC) scams, with 1,300 reports and $14 million in losses. This is a substantial increase from the 900 reports and $5 million in losses reported in 2019.
In a payment redirection scam, scammers impersonate a business or its employees via email and request an upcoming payment be redirected to a fraudulent account.
“One thing we know about scammers is that they will take advantage of a crisis,” Mick said.
Businesses were also targeted by health and medical scams in 2020. About half of the $3.9 million in total losses reported to health and medical scams were from businesses, as they attempted to procure personal protective equipment for their staff to comply with government guidelines during the pandemic.
Other scam types that impacted businesses throughout the year included phishing, identity theft and hacking scams.
“It is so important for businesses to stay informed about scams so they can protect themselves,” Mick said.
“The ACCC provides a range of resources for businesses on how to avoid scams on the Scamwatch website and in our media releases throughout the year.”
How to protect your business:
• Ensure your staff know about your payment processes and what the warning signs are for false billing scams.
• Take time to consider if a payment request is genuine even if you are told that it is urgent.
• Check that emails that ask you for payments or provide you with bank details are real by checking the sender’s email address.
• Check if a payment request is real by getting in touch with the business asking for payment using a contact method you have used before.
If you’ve been scammed, you should contact your bank as soon as possible. You should also contact the platform that you were using when you were scammed to let them know what has happened.

Businesses are encouraged to report scams to Scamwatch. To report a cybercrime visit the business reporting page at

More information on scams is available at including how to make a report and where to get help.