Cybersecurity depends on you

Scams are increasing in number and sophistication. But protecting your broking customers and your business can come down to three simple steps. Stop. Check. Reject.

Australian businesses lost $23.2 million to 3,857 scams in 2022, according to the latest report by the Australian Competition and Consumer Commission (ACCC).¹ That’s an eye-watering 73% increase on the $13.4 million scammed the year before.

Scammers often target specific people in a business. They aim to catch you when you’re busy and not 100% focused. Scammers are often very convincing – they go out of their way to gather information about you and your business to make their requests appear legitimate, and they’re constantly changing their attack vectors to increase their chances of success.

Asset finance payment redirection scams (Business Email Compromises [BECs])

Attracted by the large amounts of money involved, scammers can target asset finance brokers with email compromise payment redirection scams. 

This is how it works. 

Scammers learn about the financial transactions underway between broking customers, their brokers and asset suppliers by hacking into the email account of one of the parties. The scammer will patiently monitor emails and wait until the transaction gets close to settlement. They’ll then intercept a genuine email from the customer and change the bank account details. So when you receive your customer’s email, you’re expecting it and everything looks genuine – except that the bank account details are for the scammer’s account.  

Alternatively, the scammers may create a new fake email address that’s difficult to distinguish from the original in an attempt to redirect the payment to their account.

That’s why you need to make sure that when you’re given new account numbers by your customers you validate them by calling your customer on a trusted phone number. Be particularly alert to a customer emailing you to advise they’ve changed their bank account details.

Top 5 ways brokers can protect against scams

  1. Always confirm new account details over the phone with customers and suppliers.
  2. Never download apps or programs to your phone or computer if someone asks you to.
  3. Never share your banking details or one-time passwords or codes with anyone, including someone from your bank.
  4. Make sure you have good password protocols.   
  5. Know who you’re dealing with – take time to do some research even if the people or organisation seem trustworthy.

Anyone can be scammed

It doesn’t matter how experienced or professional you are, anyone can be targeted by a scammer. Don’t take the security of your business for granted – and make sure that your customers don’t either.

  1. Stop. Does a call, email or text seem off? The best thing to do is stop. Take a breath. Real organisations won’t put you under pressure to act instantly.
  2. Check. Ask someone you trust or contact the organisation the message claims to be from.
  3. Reject. If you’re unsure, hang up on the caller, delete the email, block the phone number. Change your passwords.

Cyber Wardens program helps defend against online threats

CommBank has partnered with the Council of Small Business Organisations Australia (COSBOA) and Telstra to introduce the Cyber Wardens program. The program supports and educates small businesses to build cyber resilience with the help of a simple educational tool. You can learn more at

We’re here to help

Speak to your Business Development Executive, visit or contact us at For further information on fraud and scams, visit us at CommBank Safe –

Things you should know

  • 1 ACCC, Targeting Scams, April 2023. Accessed 10 May 2023.

    The information contained in this article is published solely for informational purposes and provides general market-related information, and is not intended to be an investment research report. It does not take into account objectives, financial situation or needs for you or your customers. Readers should consider the appropriateness to them and their customer’s circumstances.

    Products mentioned in this article are only available to approved business customers and for business purposes only. Applications for finance are subject to the Bank’s normal credit approval and customer eligibility. Fees, charges and conditions apply. Rates are subject to change. Full terms and conditions will be provided with any agreement upon credit approval.

    Commonwealth Bank of Australia ABN 48 123 123 124 AFSL and Australian credit licence 234945.