Tesla buying process in spotlight after Aussie scam

The purchasing process for Tesla electric vehicles has come under fire after two Australian consumers lost more than $130,000 between them because of fraud.

The ABC has reported that a Perth woman and a Sydney man were both duped to the order of $75,000 each during the past 18 months, after unknowingly transferring money into a fraudulent Tesla account.

After making deposits for a new Tesla Model 3 via the US car-maker’s secure website, each customer was respectively sent an email from the company, with an invoice attached.

That invoice was intercepted by hackers and the bank details changed.

One of the victims, Andrea Hammond, told the ABC: “I absolutely cannot understand why Tesla don’t do the invoicing in the payment system through a secure website.

“Instead, I was sent an unsecured, editable invoice that anybody could get into and change the numbers, so the hackers didn’t have to create a new invoice.

“It was just too easy,” she said.

Hammond and the Sydney man, whose identity isn’t disclosed, have urged Tesla to review its payment process.

Although Tesla offers Bitcoin payments to customers in the US, it is not known whether Australian customers have an alternative to the dated email invoice practice.

“I should have checked the bank account details on the invoice by telephoning Tesla directly, but there was no phone number readily available to ring or to contact them,” said the Sydney man, who unknowingly deposited money into a fraudulent account in September 2019 for his new Tesla Model 3.

“They wanted payment quickly because the vehicle had become available, so I paid the invoice.”

While there is no law against companies sending large invoices via email, the Sydney man told the ABC that he believed Tesla’s method is “an insecure way and a risky way of requesting payment” and that Tesla “has failed in their duty of care to their customers”.

The ABC reports the Sydney man took his case to court last year after NSW Police charged a Victorian man with dishonestly obtaining financial advantage and dealing with the proceeds of crime.

The judge presiding over the case reportedly found there was not enough evidence to make a conviction.

The two impacted Tesla customers both tried to get their money back via the banks. Hammond was unsuccessful while the Sydney man managed to claw back $17,800.

Police say that in many cases, money obtained fraudulently by cybercriminals is shifted between multiple domestic banks accounts set up using stolen identities, before being sent offshore.

Consumer advocates and independent bodies have repeatedly called for banks and businesses to do more to protect their customers over invoice scams, also known as business email compromise scams.

Tesla’s Australian operation is yet to formally comment on the matter.