Scammed company ordered to fork out $190k after paying fraudulent invoice

May Be Interested In:Southport families say sentencing should not have been televised


Businesses are being warned to be vigilant against invoice scams, after a likely precedent-setting decision by a WA court.

The District Court decision, handed down just before Christmas, resolved the fight between two companies over who should bear the losses of the scam nearly three years earlier.

But lawyers say its effects are likely to be felt across the country, as the legal system catches up with fraudsters.

Hackers used director’s email

The story began with an electrical contractor, Mobius Group, agreeing to work on a Rio Tinto project for another company, Inoteq Pty Ltd.

In March and April 2022, Mobius emailed Inoteq invoices for $235,400 — but on the day Inoteq went to pay them, unbeknownst to either company, a hacker sent fraudulent emails from Mobius’s systems.

Almost 40,000 false billing scams took place in 2023. (ABC South East SA: Kate Hill )

The first, seemingly from Mobius’s director, provided new bank details with a request to “kindly pay attention and update your records”.

That email rang alarm bells for Inoteq, court records show, with a staff member calling Mobius to confirm the new details but being unable to because they said there was a poor phone line.

Instead, they sent a follow-up email requesting proof of the account change, which the scammer replied to.

It was only about a week-and-a-half later, when Mobius followed up on the outstanding payment, that the scam was uncovered and police called in.

By then, some of the money had been sent overseas but $43,541 was able to be recovered.

A cybersecurity expert who testified in the case said the scammer had gained access to the Mobius director’s email account — meaning there was no way for Inoteq to tell it was fraudulent without a phone call.

Inoteq failed to protect itself

A few months later, Mobius started legal action to recover the $191,859, which remained unpaid.

Inoteq ultimately failed in its attempts to argue it shouldn’t have to pay that money, including because of an indemnity clause in its contract or because Mobius had failed in its duty of care by not taking further steps to protect its email accounts.

Judge Gary Massey said while Inoteq had been “prudent” in calling Mobius Group to confirm the change: “The telephone call was inadequate in all the circumstances and should have prompted a subsequent telephone call.”

Person holding a phone in left hand

The judge said Inoteq could have done more to protect itself from the scam. (Unsplash: Jae Park)

“Having received the fraudulent invoice, the defendant made no further telephone call. Instead it simply paid a very large amount of money to the fraudulent bank account,” he wrote in his judgement.

“While it may have been vulnerable to loss if the plaintiff’s email account was compromised, it had the ability to protect itself against vulnerability. It failed to do so.”

Judge Massey ruled Inoteq would be required to pay the unrecovered amount, plus six per cent interest per year.

False invoice scams common

Andrew Bower is a director at Solomon Hollett Lawyers who commonly deals in commercial disputes, and said he was surprised courts weren’t dealing with issues like this more, given how common this type of scam is.

ACCC data shows reports of so-called false billing scams, which include the type of fraud Inoteq fell victim to, are on the rise from 13,120 in 2020 to 39,587 in 2023.

“This is an interesting development in the law because, to my knowledge, this is the first reported decision dealing with a situation where the fraudulent updated bank account details were sent solely from a legitimate email address,” Mr Bower said.

A Caucasian man with dark glasses and wearing a suit smiles at the camera.

Mr Bower says there are elements of the case that haven’t been seen before. (Supplied: Andrew Bower)

“In previous cases, often the fraudulent updated bank account details come from a similar but different email addresses.

“In this case, the fraudulent updated bank account details came from a legitimate but compromised email address, but even so, the court found that the recipient of the fraudulent email was still liable to pay.”

Commercial lawyer and Ahern Sierakowski director Marcus Ahern said while the decision will only be binding in a small number of cases, it’s likely to be highly persuasive when judges consider similar cases across the country.

“It’s highly unlikely that another case will occur that will involve a different decision,” he said.

Terms and conditions in focus

The government has released draft laws to protect people against scams, and compensate those who fall victim, as banks work towards cross-checking account names before payments are made. 

Beyond that, Mr Ahern said the court’s decision was likely to push companies and their lawyers to have a fresh look at contracts.

A head shot of Marcus Ahern who wears a blue business shirt and tie

Commercial lawyer Marcus Ahern says the decision will have ramifications for similar cases around the country. (Supplied)

“Now, businesses will have to adjust their T’s and C’s in their contracts and try and make sure that if they pay by mistake they won’t lose the money,” he said.

“In other words, they’ll put the onus back on the company receiving the money: give us a set of account numbers in a contract, and we will pay only to those account details, and that’s what will be specified, and it won’t be able to be changed.”

Mr Bower said there was also a practical message for companies and their staff.

“It is often the recipient of invoices who are in the best position to protect themselves against the vulnerability, and that is really as simple as making the telephone call,” he said.

Loading

share Share facebook pinterest whatsapp x print

Similar Content

Clockwise from top left: chef Romy Gill, murg malai (chicken) skewers, sakoon (creamy) paneer and kumro (stir-fried spiced pumpkin)
Indian home-cooking recipes from Romy Gill
Cheap Clinical Biomarker May Predict Long COVID Severity in Older Women
Cheap Clinical Biomarker May Predict Long COVID Severity in Older Women
3 Wellness Rules For December: Enjoy The Celebratory Season, Nutritiously
SMU death penalty: Revisiting Mustang football's NCAA recruiting violations in 1980s
SMU death penalty: Revisiting Mustang football’s NCAA recruiting violations in 1980s
Live: Kim Birrell faces number two seed Emma Navarro in Brisbane
Live: Kim Birrell faces number two seed Emma Navarro in Brisbane
A depiction of the chess match between Howard Staunton and Pierre Saint-Amant, on 16 December 1843
Complexity physics finds crucial tipping points in chess games
Frontline Report: Today’s Hard-Hitting Stories | © 2025 | Daily News