One common scam that affects businesses in Australia is business email compromise (BEC). This usually involves the impersonation of a senior executive making a request for payment or the impersonation of a supplier requesting to change the recipient details for future payments.
Here are five steps you can take to help protect yourself and your business against this type of scam.
1. Protect your emails
BEC starts with either the payer's or the payee's email account being compromised. Using multi-factor authentication (MFA) for your emails will make it harder for scammers to gain access and is a good first step towards protecting your business.
2. Educate your employees
Make sure your employees know how to recognise and prevent these types of email scams. Some strategies include:
- Raising awareness of these scams and how they’re conducted
- Training your employees to watch out for suspicious emails
- Adding a multi-person approval process for verifying and paying new accounts or for payments above an agreed threshold
- Keeping up to date with the latest on scams at Scamwatch or CommBank
3. Look for the signs
Email payment scams are designed to appear as a “business as usual” request for payments, but there are some potential warning signs to help you identify a scam request. The more of these warning signs you see, the more careful you should be before responding. Red flags include, but are not limited to:
- The payment request is marked as ‘urgent’ or ‘confidential’
- There is unusual language or formatting from the sender
- You are asked to ignore the existing payment authorisation process
- The recipient account is different to commonly used accounts
- The ‘reply to’ email doesn’t match the sender’s email address
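Three of the warning signs above (the urgent/confidential marking, the reply-to mismatch and the unfamiliar recipient account) can be checked automatically before a person reviews the request. The following is an added example, not part of the original article; the sample message, the addresses, the BSB/account format and the KNOWN_ACCOUNTS list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every name and number is made up.
SAMPLE = """\
From: "Pat Lee" <pat.lee@example.com>
Reply-To: pat.lee@example-payments.test
To: accounts@example.com
Subject: URGENT and confidential: supplier payment today

Please pay the attached invoice to BSB 000-000 account 12345678 today.
"""

# Assumption: accounts you have paid before, e.g. exported from your payee list.
KNOWN_ACCOUNTS = {("111-111", "87654321")}
ACCOUNT_RE = re.compile(r"BSB\s*(\d{3}-?\d{3})\D{1,20}?(\d{6,9})", re.I)
PRESSURE_RE = re.compile(r"\b(urgent|confidential)\b", re.I)


def bec_red_flags(raw, known_accounts):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []

    # Sign: the payment request is marked 'urgent' or 'confidential'.
    body = "" if msg.is_multipart() else msg.get_payload()
    if PRESSURE_RE.search(f"{msg.get('Subject', '')}\n{body}"):
        flags.append("marked urgent or confidential")

    # Sign: the 'reply to' address doesn't match the sender's address.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != sender:
        flags.append(f"reply-to {reply_to} differs from sender {sender}")

    # Sign: the recipient account is different to commonly used accounts.
    for bsb, acct in ACCOUNT_RE.findall(body):
        bsb = bsb if "-" in bsb else f"{bsb[:3]}-{bsb[3:]}"
        if (bsb, acct) not in known_accounts:
            flags.append(f"unfamiliar account {bsb} {acct}")
    return flags


if __name__ == "__main__":
    for flag in bec_red_flags(SAMPLE, KNOWN_ACCOUNTS):
        print("RED FLAG:", flag)
```

A message that raises none of these flags can still be a scam, so the phone verification in step 4 still applies.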
4. Act with caution
If you doubt an email request is legitimate, take extra steps to validate it. The steps you can take include:
- Call the sender to confirm that the request sent over email is legitimate. Use the phone number listed for the sender in your internal directory or customer relationship management system, never the number listed in the email
- Escalate if something feels suspicious
5. Get in touch with your bank
If you’ve transferred money to the wrong bank account as the result of a business email compromise, let your bank know immediately.