LawTalk Blog

What is online payment fraud and how does it happen?

online payment fraud

Fraud is always a possibility in online transactions. Over the past six months, there has been an increase in the sophistication of such fraud.

We have had a number of clients who have recently fallen victim to online fraud, in some cases for very substantial sums of money.

The fraud usually occurs in a scenario such as below:

Tom is selling a car to Sally and provided his bank account details to her over email. Unknown to Tom or Sally, the email system of either or both of them has been compromised by a fraudster. The most common way this happens is where an email system is cloud based and the users have unintentionally opened a program that intercepts the email between the computer on which they were authored and the host cloud. 

The compromised email system allows the fraudster to read all emails. The fraudster may then program a scan which searches all emails for reference to money, transfers of funds, account details and other transactional information.

The fraudster then amends any relevant emails and inserts new payment details so that the fraudster obtains the benefit of the payment. Sally, understandably believing that the email (which was intercepted and amended by the fraudster) is from Tom, makes payment as instructed.

It is important to realise that because the fraudster is using Tom’s actual email account, none of the usual ‘giveaways’ are present. Tom’s email address is correct, and his signature is identical. Because the fraudster can read all emails, references to previous emails, even running jokes or themes can be adopted. It is only if the writing or composition style is entirely different that the substitution may be noticed.

If the fraud is well developed, then the fraudster may in fact impersonate Sally and send an email from Sally back to Tom, saying that payment has been delayed, so Tom does not immediately ask Sally why payment has not yet been made.

By the time both Tom and Sally become aware of the fraud, it is usually too late and the fraudster has often obtained the money. 

What to do if you become a victim of online fraud?

If you believe that you are the victim of an online fraud such as the above scenario, you should immediately notify your bank and ensure that no other payments are compromised. You should also report the matter to the police and obtain legal advice as soon as possible, so you can attempt to recover your funds.

The law has not yet caught up to these situations. Misdirected payments are always difficult for the parties involved. The innocent buyer will effectively be asked to pay twice, or alternatively the innocent seller never receives payment. It is a difficult and distressing situation for both, and neither are necessarily at fault.

How to avoid becoming a victim of online fraud?

  • Never, under any circumstances, send your banking details to anyone via email.
  • Never, under any circumstances, make payment to anyone using banking details provided to you via email, even if the email looks totally legitimate.
  • If providing or receiving banking details via email is the only option, make sure you call and verify those details over the phone before making payment. Further to that, make sure that the telephone number is one that you have independently verified, rather than being a telephone number set out in the email, as that too may be fraudulent.
  • Continually update and run your antivirus and anti-spyware software.
  • Change your passwords, ideally using a password manager program rather than a password which you have made up.
  • Do not open emails and attachments unless you are certain of their source and are expecting them. Run checks on all attachments before opening them.
  • Separate business use from home use when it comes to emails and computers. If possible, do not use home computers to conduct business and vice versa.

Can I claim the loss of money due to online fraud?

In some circumstances, a claim can be made to recover the loss of money from insurers or the lending institution. These claims need to be made immediately, usually while the stolen money can be traced in local bank accounts, and so the accounts can be frozen or the transactions reversed. It takes prompt notification and awareness to allow that to happen, and it is not always possible.

We have had some success recovering money for our clients, which has been lost due to fraud.

If you would like some legal advice regarding online fraud contact us today. 


Get in touch with today's blog writer:
Felix Hoelscher

Partner in Commercial Law and Business Law

Please note, this Blog is posted in Adelaide, South Australia by Andersons Solicitors. It relates to Australian Federal and South Australian legislation. Andersons Solicitors is a medium sized law firm servicing metropolitan Adelaide and regional South Australia across all areas of law for individuals and businesses.

Contact Us

For enquiries, please fill in the following contact form