One common scam that affects businesses in Australia is business email compromise (BEC). This usually involves the impersonation of a senior executive making a request for payment, or the impersonation of a supplier requesting to change the recipient details for future payments.

Here are five steps you can take to help protect yourself and your business against this type of scam.

1. Protect your emails

BEC starts with either the payer’s or the payee’s email being compromised. Using multi-factor authentication (MFA) for your emails will make it harder for scammers to gain access and is a good first step towards protecting your business.

2. Educate your employees

Make sure your employees know how to recognise and prevent these types of email scams. Some strategies include:

  • Raising awareness of these scams and how they’re conducted
  • Training your employees to watch out for suspicious emails
  • Adding a multi-person approval process for verifying and paying new accounts or for payments above an agreed threshold
  • Keeping up to date with the latest on scams at Scamwatch or CommBank

3. Look for the signs

Email payment scams are designed to appear as a “business as usual” request for payments, but there are some potential warning signs to help you identify a scam request. The more of these warning signs you see, the more careful you should be before responding. Red flags include, but are not limited to:

  • The payment request is marked as ‘urgent’ or ‘confidential’
  • There is unusual language or formatting from the sender
  • You are asked to ignore the existing payment authorisation process
  • The recipient account is different to commonly used accounts
  • The ‘reply to’ email doesn’t match the sender’s email address
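Three of these red flags can be checked automatically before a payment request reaches an approver. The following is an added example, not CommBank code: the sample message, addresses and account numbers are constructed, and the `NNN-NNN NNNNNNNN` account pattern is an assumption about how accounts are written in the email body.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every value is a placeholder.
SAMPLE = """\
From: "Pat Lee (CFO)" <pat.lee@example.com>
Reply-To: pat.lee@example-payments.net
To: accounts@example.com
Subject: URGENT: supplier payment today

Please keep this confidential and pay invoice 4471 to our new account: 000-000 00000000.
"""

KNOWN_ACCOUNTS = {"111-111 11111111"}  # constructed list of commonly used accounts
PRESSURE_WORDS = re.compile(r"\b(urgent|confidential)\b", re.IGNORECASE)
ACCOUNT = re.compile(r"\b\d{3}-\d{3} \d{6,9}\b")  # assumed account format


def bec_red_flags(raw_message: str, known_accounts: set[str]) -> list[str]:
    """Return the red flags from the list above that this message shows."""
    msg = message_from_string(raw_message)
    flags = []

    # Flag: the 'reply to' address doesn't match the sender's address.
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_addr and reply_addr != from_addr:
        flags.append(f"reply-to mismatch: {from_addr} vs {reply_addr}")

    # Flag: request marked 'urgent' or 'confidential' (subject or plain-text body).
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    words = sorted({w.lower() for w in PRESSURE_WORDS.findall(text)})
    if words:
        flags.append("pressure wording: " + ", ".join(words))

    # Flag: recipient account differs from the commonly used accounts.
    for acct in ACCOUNT.findall(body):
        if acct not in known_accounts:
            flags.append(f"unfamiliar account: {acct}")

    return flags


if __name__ == "__main__":
    for flag in bec_red_flags(SAMPLE, KNOWN_ACCOUNTS):
        print("RED FLAG:", flag)
```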

4. Act with caution

If you doubt an email request is legitimate, take extra steps to validate the email. The steps you can take include:

  • Call the sender to confirm the request sent over email was legitimate. Call the sender on the phone number listed for the sender in your internal directory or customer relationship management system – never the number listed in the email
  • Escalate if something feels suspicious

5. Get in touch with your bank

If you’ve transferred money to a wrong bank account as the result of a business email compromise, let your bank know immediately.

CommBank customers can call 13 22 21 and select option 4 at any time. CommBiz customers can contact the CommBiz help desk on 13 23 39.

Things you should know

This article is intended to provide general information of an educational nature only. It does not have regard to the financial situation or needs of any reader and must not be relied upon as financial product advice. As this information has been prepared without considering your objectives, financial situation or needs, you should, before acting on this, consider the appropriateness to your circumstances.