The National Anti-Scam Centre, an operation of the Australian Competition and Consumer Commission (ACCC), warns of a rise in business email scams targeting car dealership customers and used car traders. ACCC says the scam may have also spread to caravan dealerships.
ACCC established the National Anti-Scam Centre in July 2023 to facilitate cooperation and collaboration across industry and government and make Australia a harder target for scammers.
Here is how the scam works, along with ways for businesses to protect themselves and their customers.
- The legitimate business’ email account is compromised, usually through an email phishing attack. The scammer can read emails sent and received by the business and can send emails from the account. The business may remain unaware that their email account has been compromised for weeks.
- The scammer emails customers from the compromised email account requesting payment of their deposit (or payment of a further amount if they have already paid a deposit), providing their own bank details rather than those of the trader or dealership.
- Alternatively, scammers may email customers from a different email address that looks similar to a legitimate company’s email address.
- The customer receives the invoice from the scammer and transfers the deposit into the scammer’s bank account, instead of into the business’ account.
- When the business notices it has not received a deposit, it will email an invoice to the customer.
- The scammer sees this email sent by the business, and may send another invoice to the customer, requesting even more money. The invoices sent by the scammer appear identical to the genuine invoices, except for different bank account details.
- Because the scammer has access to the business email account, they know the names of staff and customers. The scam emails appear to be personally addressed to the customer and signed off by the trader’s/dealership’s staff.
ACCC has included this information in the Scams targeting customers of car dealerships and used car traders.
VACC encourages business owners to print this advice and display it in a prominent position at their dealership.
Warning signs
- You don’t receive emails that people say they have sent you.
- Emails are classified as ‘read’ without you having read them, or emails disappear from your Inbox.
- There are strange emails in your sent folder.
- You cannot access your email because the password is incorrect.
- You receive unexpected password reset notifications.
- Your email app reports sign-ins from unusual IP addresses, locations, devices, or browsers.
Protect yourself and your customers
The ACCC recommends the following steps to help protect you and your customers:
- Check and secure your email systems as per the Australian Cyber Security Centre’s advice.
- Check your email system for unexpected ‘filter rules’. In Microsoft Outlook, click on the ‘File’ tab, then click the ‘Manage Rules & Alerts’ button. Scammers can use these to hide their correspondence from compromised accounts.
- Change email access passwords regularly, and always use a unique, complex password. Do not use the same or similar passwords for different services, apps, or websites.
- Let your customers know to contact you if they receive correspondence claiming you have changed bank details.
- Warn customers to look out for suspicious emails and advise you of any unexpected email contact from your business.
The National Anti-Scam Centre will continue to undertake disruption activities wherever possible, including by sharing intelligence with law enforcement and the financial institutions of alleged scam accounts.
ACCC wants to hear about initiatives implemented by dealerships to reduce the impact of scams, or any intelligence you receive regarding scams and/or the impersonation of your business or staff.
If you become aware of scam attempts, report them to the National Anti-Scam Centre.
You can contact the National Anti-Scam Centre at NASC@accc.gov.au
Find out more on the ACCC’s efforts to stop scams on the ACCC website.