You and your staff should be particularly vigilant about a form of wire fraud known as 'business email compromise' scams. This is a particular type of email fraud targeting businesses, in which fraudsters send emails posing as senior executives instructing a staff member to transfer money or make a payment, either by compromising the senior executives' real email account or setting up a fake one. Often, these emails will be targeted particularly at staff that have the authority to perform the transaction.
It's important to have strict processes in place for payments, such as multiple approval steps, and to educate your staff to suspect email requests that appear out of the ordinary. It's often advisable for staff to verify the legitimacy of an email request by contacting the sender using another channel, such as phone.
The Commonwealth Bank may at times email customers with important updates, but we'll never send emails asking customers to confirm, update or disclose personal or banking information. Most financial institutions follow the same practice.
If you receive an email that looks like it's from Commonwealth Bank that you believe may be a hoax, please forward it as an attachment to firstname.lastname@example.org.
It's important you never click on links or attachments in an email you think is a hoax. If you did click on a link and you are worried, use your security antivirus/anti-malware software to run a scan of your computer or device.Examples of hoaxes and scams
Using your staff email address to sign up for a broad range of online services - particularly consumer services that are not sufficiently secured for business use - increases the possibility of the email account being compromised or used in phishing attacks.
It's important to restrict use of business email accounts to business-related purposes.