The Supplier Scam Targeting Melbourne Restaurant Owners

Melbourne restaurant and cafe owners operate with tight margins, high transaction volumes, and relationships with multiple suppliers — a combination that creates attractive conditions for invoice fraud and supplier impersonation attacks. The hospitality industry has seen a significant and documented increase in targeted financial fraud in 2025-2026, with criminals developing specific techniques for the sector.

The Fake Supplier Invoice

Restaurant owners regularly receive invoices from dozens of suppliers — food, beverages, cleaning products, linen services, equipment maintenance, and utilities. Criminals exploit this by sending convincing fake invoices for exactly these categories, using real supplier names, correct logos, and plausible invoice numbers — with only the bank account details changed. For amounts under $1,000, these invoices are often paid without close scrutiny. Over the course of weeks or months, multiple fraudulent invoices from multiple fake "suppliers" can accumulate to thousands of dollars in losses.

The Business Email Compromise on Your Accounts

A more sophisticated attack involves compromising the email account of one of your genuine suppliers. The attacker monitors the email communication silently, learns your payment schedule, and at the right moment sends an email from the genuine supplier account advising of changed bank details. The email appears to come from your actual supplier contact, uses their normal communication style, and references real previous invoices. Without verbal verification, these attacks are extremely difficult to detect.

The Utility Switching Scam

Door-to-door and phone-based representatives claiming to offer significant discounts on electricity or gas bills are common in Melbourne hospitality areas. They request access to a recent utility bill — which contains your account number, meter number, and current tariff — to "compare rates." This information is then used to switch your account to a more expensive tariff without your genuine consent, or to commit further fraud using your account details.

Protecting Your Restaurant

Implement a simple verification system: any new supplier or any change to an existing supplier's payment details must be verbally confirmed with a phone call to a number you already have before payment is processed. Keep a list of your approved suppliers with their verified bank details in a format that makes spotting changes easy. Use accounting software that flags new payees or changed payment details for review. And be very cautious about sharing utility bills with anyone who contacts you unsolicited — request time to "check with your accountant" and call your actual utility provider directly to verify any claim. IntrusionX provides practical security assessments for Melbourne hospitality businesses — contact us for a free consultation.

Protecting Your Email Account

The most important step for Melbourne hospitality operators is enabling multi-factor authentication on your business email account — whether it is Gmail, Microsoft 365, or another provider. Your email account is the master key to your business's digital identity. If a criminal gains access to it, they can monitor your supplier communications, intercept invoices, impersonate you to your suppliers, and redirect payments. MFA means that even if your password is stolen, your email account cannot be accessed without your phone. This one step provides enormous protection for a setup time of around five minutes. Contact your email provider's help centre or contact IntrusionX for help setting this up quickly and correctly.

Training Your Team

In hospitality businesses where staff turnover is high, security awareness can be difficult to maintain. A simple, memorable rule for all staff who handle payments or correspondence: any email asking you to pay money to a new account, or advising that a supplier's account details have changed, must be verified by calling the supplier directly before any payment is made. This rule, if followed consistently, prevents the vast majority of financial fraud targeting the hospitality sector. IntrusionX can provide brief, practical security training sessions for hospitality teams — contact us to find out more.