Australian businesses were scammed out of $227 million in "payment redirection" cons - which includes business email compromise or BEC - over the course of 2021.
Payment redirection, as the ACCC groups these scams, caused the highest losses to businesses out of any scam type, according to commission's latest scam report.
Combined losses reached $227 million in 2021, compared to $128 million lost to business email compromise reported from the prior year.
Because it doesn't have a specific reporting category for payment redirection scams, the ACCC obtained its figure from reports of false billing, phishing, identity theft and hacking.
The commission also noted that most reports of payment redirection or BEC aren't made to Scamwatch, but instead to banks or to ReportCyber, an online cybercrime reporting tool made by the government.
Scamwatch itself only received 3624 scam reports from businesses, with $13.4 million reported lost - "a 13 percent decrease in reports and a 27 percent decrease in losses" year-on-year.
“Businesses reported losses of $6.7 million to false billing scams with a median loss of $4200," it said of the Scamwatch-only numbers.
“However, for small businesses, the median loss was $8000.”
The commission has a much broader, aggregate dataset it can draw upon for its annual scam report, outside of just Scamwatch.
This includes data from "ReportCyber, major banks and money remitters, and other government agencies," it said. In total, it had access to "more than 560,000 reports" of scams.
Most BEC and payment redirection scams were received via email, which - as the ACCC says - "is not surprising given the scam that causes the highest losses involves scammers emailing invoices with a change of payment details.”
Other business losses
Phishing scams reported by businesses reached a total of 752, resulting in $166,635 lost.
Remote access scams saw businesses lose $90,504 with the number of reports reaching over a hundred.
More than 160 Australian businesses reported hacking scams and 54 reports of ransomware and malware cons.
The competition watchdog also received 231 reports regarding the Ponzi scheme Hope Business, which first appeared around May 2021 and the Wonderful World app scam.
The ACCC added the Flubot SMS scam is “the largest SMS scam in Australia” as “Scamwatch received almost 26,500 reports” between August and December 2021.
“Many people lost personal information and $10,743 was reported in direct financial loss,” the report stated.
“Government, law enforcement and the private sector worked together to combat this scam.
“An international effort including with the Australian Federal Police resulted in a Europol operation disrupting the Flubot infrastructure rendering the strain of malware inactive in June 2022.”
Findings revealed total scam losses grew to over $2 billion as the ACCC “continued to see record levels of scam activity in Australia”.
The report found the largest combined losses in 2021 were $701 million lost to investment scams, $227 million lost to payment redirection scams, and $142 million lost to romance scams.