Create a free account, or log in

Afterpay, humm and LatitudePay warn customers after spike in BNPL scams

In an email to customers on Monday, Afterpay said it was “aware of recent increases in fraudulent phishing text and email activity” across the industry.
Melissa Iaria
scams tax bnpl scams
Source: Unsplash/Priscilla du Preez.

Australia’s best known buy now, pay later (BNPL) operator, Afterpay, has warned of a spike in fraudulent phishing text and email scams targeting customers across the financial services sector.

In an email to customers on Monday, the financial technology company said it was “aware of recent increases in fraudulent phishing text and email activity” across the industry.

“These are being undertaken by scammers attempting to gain unauthorised access to customer accounts,” the company said.

Afterpay has urged customers to take care to protect their accounts, by not sharing passwords or verification codes with anyone and ensuring they always inspect links within text messages or emails before clicking, even if it appears to come from Afterpay.

They were also told to watch out for any grammatical errors and typos in the messages, as these could be an indication of phishing.

Phishing is when scammers attempt to trick you into giving out personal details such as your bank account numbers, passwords and credit card numbers.

They may contact you by email, social media, phone call, or text message, pretending to be from a legitimate business.

BNPL platform humm also cautioned customers in the last fortnight of a phishing scam preying on its users.

“We are aware of an SMS phishing campaign targeting our customers,” the company warned.

“If you receive an SMS asking you to confirm your humm account details by clicking a link, please treat it as suspicious.”

This week, rival lender LatitudePay said a number of its customers had also reported receiving unsolicited verification text messages from a source claiming to be the company.

The text messages also targeted non-customers.

The company assured customers their account security had not been compromised and there was no unauthorised access or activity on their accounts.

“If you received an unexpected text message from LatitudePay, you can ignore it and delete it from your device,” the company said.

“Remember — don’t click on any links or respond with personal information if you receive an unexpected text message.”

LatitudePay said its security team was monitoring the situation.

Phishing scams were the most complained about scams to the Australian Competition and Consumer Commission’s Scamwatch in 2021.

There were more than 71,000 reports, a 62% jump on 2020, and over $4.32 million in reported losses.

In the first half of 2022, Scamwatch received 32,000 reports of phishing scams, but authorities say the figure is much higher.