According to the Australian Consumer and Competition Commission (ACCC) there’s an increase in the number of false billing scams directed at clubs and not-for -profits who may rely on volunteers to pay bills or who may have lean administrative systems with few checks and balances. False billing scams request you or your organisation to pay fake invoices for directory listings, advertising, domain name renewals or office supplies that you did not order.
How this scam works
Your organisation might be sent an invoice, letter or invitation to be listed in a bogus trade directory or to renew your website domain name. Or the scammer might phone you out of the blue to confirm details of an advertisement booking or insist you've ordered certain goods or services. These scams take advantage of the fact the person handling the administrative duties for the organisation may not know whether any advertising or promotional activities have actually been requested.
Many email-based ransomware scams use fake bills as attachments to infect your computer. If you receive an unexpected bill from a utility provider, do not open the attachment.
Fake directories and advertising
Fake directory invitations will often include a form to be filled out and ask for your organisation’s contact details with an approval signature. You might be led to believe that you are responding to an offer for a free entry, but the form you are asked to complete is a disguised invoice or contract with the amount owed hidden in tiny print.
Alternatively, the scam might appear as a proposal for a subscription to a magazine or journal. These are often presented to look like renewals for genuine directory publishers.
Another common method is for the scammer to phone an organisation asking to confirm details of an advertisement they claim has already been booked. The scammer might quote a genuine entry or advertisement your organisation has had in a different publication or directory to convince you that you really did use the scammer’s product.
If you refuse to pay, the scammers might try to intimidate you by threatening legal action.
Domain name renewal scams
Australian website domain names are registered with accredited domain name registrars and resellers, and must be renewed every couple of years. All registrars and resellers of .au domains in Australia are accredited through the industry self-regulatory body .au Domain Administrator.
Domain name renewal scams can work in different ways. You may be sent an invoice requesting payment for a domain name that is very similar to your current domain name – the scammer hopes that you don’t notice the difference and just pay the invoice. For example, it may end in ‘.net.au’ instead of ‘.com.au’ or the ‘.au’ at the end may be missing. It may even be for a domain name in another country, such as ‘.cn’ for a China web address.
Alternatively you could be sent a letter that looks like a renewal notice for your actual domain name, but it is from a different company to the one you have previously used to register your domain name.
The sender may claim that another company is seeking to register the same domain name, but they are giving you the brief opportunity to secure the name first. You will be told your chance to use the domain name will end if you do not pay immediately. This is absolute rubbish.
Payment redirection scams
Using information they have obtained by hacking your computer systems, a scammer posing as one of your regular suppliers will tell you that their banking details have changed. They may tell you they have recently changed banks, and may use stolen letterhead and branding to convince you they are legitimate.
They will provide you with a new bank account number and ask that all future payments are processed accordingly. The scam is often only detected when your regular supplier asks why they have not been paid.
Office supply scams
An office supply scam involves receiving and being charged for goods that you did not order. These scams often involve goods or services that you regularly order: paper, printing supplies, maintenance supplies or advertising.
You might receive a phone call from someone claiming to be your regular supplier, or simply a new supplier, telling you that the offer is a 'special' or available for a 'limited time only'. If you agree to buy any of these supplies that are offered to you, they will often be overpriced and bad quality. Additionally, you may receive a further invoice or notification claiming that you have signed up to an ongoing supplier contract.
If you receive a demand for payment for goods you did not order you may have rights to dispute the payment.
You receive an invoice or phone call from an organisation directory or other publication you’ve never heard of, ‘confirming’ your entry or advertisement. You recognise the listing as one you put in a different publication.
The caller claims that the government requires you to be listed in their register.
You receive a letter or an invoice requesting payment for a domain registration or renewal. The renewal fee may be much higher than usual or be registered with a different company. The domain name may be very similar to your actual domain name with a different ending.
You receive an invoice for goods or services you did not order or a call from somebody claiming to be your regular supplier, offering goods that you have ordered before.
One of your employees might be offered a free gift by someone you’ve never heard of; the gift may arrive with other goods that your employee did not order.
Never agree to any organisation proposal on the phone: always ask for an offer in writing. If you are unsure about any part of an organisation offer, ask for more information or seek independent advice.
Always check that goods or services were both ordered and delivered before paying an invoice, and always read the fine print carefully.
Try to limit the number of people in your organisation who are authorised to make orders or pay invoices. Make sure the organisation billing you is the one you normally deal with.
If you notice a supplier’s usual bank account details have changed, call them to confirm.
Always get proof of directory entries before paying anything and never pay for an entry or advertisement you didn’t authorise. If you receive a telephone call or ‘invoice’ that comes from a publication you have never heard of, do not pay or give out your details until you have looked into the matter further.
Keep written records of your authorisations for advertising or directory entries. If you receive an invoice or a telephone call, you can go back to your records to check it.
If you are happy with your current domain name registration provider, simply ignore any other ‘renewal’ or ‘registration’ letters that you may receive from a different company. If you do want to switch domain name registration providers—make sure you know the full costs, terms and conditions of the offer before agreeing.
Check if an Australian .au domain name provider is legitimate and accredited by visiting the AUDA website at https://www.auda.org.au/. For domain names in another country, a good starting point is the international Internet Corporation for Assigned Names and Numbers (https://www.icann.org/).
Immediately cut contact with scammers who attempt to bully or intimidate you.
Have you been scammed?
If you have received an unsolicited letter, email or invoice that appears to be a trade mark, patent or renewal invoice, contact IP Australia at https://www.ipaustralia.gov.au/about-us/contact-us.
You are encouraged to report scams to the ACCC via the Report-A-Scam page at https://www.scamwatch.gov.au/report-a-scam. This helps to warn people about current scams, monitor trends and disrupt scams where possible. Please include details of the scam contact you received, for example, email or screenshot.