Multiple Mercedes-Benz customers in Victoria are among the latest car buyers to fall victim to scammers intercepting invoices.
In total over the last 24 months, criminals made off with over $270,000 from several Mercedes-Benz buyers.
According to the The Sydney Morning Herald, the scammers intercepted emailed invoices, changing the BSB and account details, for multiple customers across Victoria.
But Mercedes-Benz says it’s not due to any vulnerability in its own systems.
“Mercedes-Benz Australia’s systems were not compromised,” a spokesperson from Mercedes-Benz Australia told CarExpert.
“Mercedes-Benz Australia takes cyber security and data protection very seriously and is continually enhancing our processes to safeguard the secure exchange of information between our retailers and customers.
“Our retailers are also required to maintain the security of their systems using the latest technology.
“Sadly, the issue of invoice fraud is not unique to our brand or our industry. It is a risk whenever there is an exchange of financial information online. To mitigate this risk, we are continuously evolving security measures to make online payments safer.
“We also urge our customers to be vigilant by ensuring an email or invoice purporting to be from a retailer is legitimate by calling the retailer to confirm it is genuine and any account details are accurate.”
One customer, Georgina Smith, told The Sydney Morning Herald she assumed the details were correct after purchasing a separate vehicle from the same Berwick Mercedes-Benz dealership previously.
“That’s why I didn’t call and confirm because I dealt with these people before and it all checked out exactly the same,” Ms Smith told the newspaper.
“It was really hard to tell… Someone’s come in and basically altered the invoice and the bank account details, pretty much to a tee, like you wouldn’t even know.”
Ms Smith said two days after paying her $38,500 deposit for her Mercedes-AMG A35 back in May 2022, a staff member from the Mercedes-Benz dealership called her to chase up funds as they were yet to be received.
Thinking it was perhaps a banking delay, Ms Smith then received another copy of the invoice by text message which showed another set of bank details. Upon realising what had happened, Ms Smith contacted her bank however the money was already gone and the bank was unable to retrieve it.
Ms Smith says she contacted Mercedes-Benz to report the issue and claims the luxury carmaker told her that it was her emails that had been hacked and that her $38,500 deposit was still due to be paid.
She claims she had an independent IT team analyse the email servers in question but was able to confirm nothing had been compromised.
“It just felt like they’d been through it before, they were like, ‘No, this is your fault’ – and that was it,” Ms Smith said.
“It still makes me extremely angry. I fought for a long time and then I just had to take it as a loss.”
7News reports Ms Smith had to repay her deposit and the remaining balance of the vehicle in full. Her bank, insurance company and Mercedes-Benz were unwilling to help recover the $38,500 worth of stolen funds.
“It’d be nice for Mercedes to admit that their system has been compromised,” Ms Smith told 7News.
“I think that their internal procedures need to be fixed to prevent it happening to more people, it’s clear that it’s something from their end.”
According to The Sydney Morning Herald, three other cases of similar scams have been reported in less than a year.
Rob Heathcote lost $100,000, and claims scammers intercepted emails from Mercedes-Benz Melbourne and impersonated dealership staff.
In one email in particular, Mr Heathcote claimed scammers told him his wife’s Mercedes-AMG CLA 35 was delayed on a ship despite having already landed in Melbourne.
Consequently, Mr Heathcote transferred $100,000 to the wrong bank account. Mr Heathcote wasn’t made aware of the scam until his dealership salesperson sent a text which said “Rob, when are you going to pay for the car?”.
“I’ve gone, ‘f—, are you serious?’ I called him straight away and I said, ‘mate, I paid six weeks ago,” Mr Heathcote told The Sydney Morning Herald.
Mr Heathcote was able to recover his funds from his bank after his experience gained media coverage.
“I’m still not totally convinced it was all me [that was hacked],” Mr Heathcote told The Sydney Morning Herald.
”But of course, since this happened, I’ve got more cyber firewalls in my office than the Bank of England.“
The Sydney Morning Herald reports Mercedes-Benz is facing legal action from a couple who lost $139,000 as a result of an invoicing scam in 2023.
Wendy Angliss and Derrick Thompson are claiming they lost money after paying an invoice for their Mercedes-Benz GLE 400d, and argue the company shouldn’t provide customers with payment details through email to avoid incidents like this.
According to The Sydney Morning Herald, the brand said Ms Angliss contributed to her own losses by not having adequate IT or password security on her email.
Additionally, the newspaper reports a woman who was in the process of purchasing a Mercedes-Benz GLC 300e from the company’s Melbourne dealership was told the $98,800 balance of her SUV was not received and directed her to try another bank account.
After contacting the Melbourne dealership she learned of the scam and the salesperson told the woman not to comply with the request and recommended she change her email passwords.
These scams are called business email compromise scams, and aren’t unique to the automotive industry.
The Australian Competition and Consumer Commission (ACCC) told 7News that between January 1, 2023 and September 30, 2023, Scamwatch received 981 business email compromise scam reports which totalled a loss of around $13 million.
Customers who are paying invoices online are encouraged to confirm any online bank details either in person or over another method of communication before making payment.
Mercedes-Benz Australia isn’t the only brand to have its customers fall prey to cybercriminals.
In 2021, two Tesla buyers were scammed in similar circumstances which saw almost $75,000 transferred to the incorrect bank account.