What's business email compromise?

  • Business email compromise (BEC) is a type of scam targeting businesses of all sizes and can result in significant financial loss. It refers to emails from a compromised email address, or emails made to look like they're from someone you know, such as your boss, colleague, supplier or customer.

    These scams can involve emails sent to, or from, you or your business requesting payment to an account under the control of the attacker.

    If you receive an email with a request to change payment method, pay a new account, or an invoice with different account details to those usually used, remember to stop and check. Verification is a key way to help prevent losses.

Technology

  • Multi-factor authentication (MFA)

    Use multi-factor authentication wherever possible to help protect against compromised passwords.

  • Update & automate

    Turn on auto-updates so your software and devices are protected against known security vulnerabilities.

  • Extra protection

    Contact your IT service provider to discuss additional email controls to help prevent domain takeovers.

    Implement controls to lock down access to cloud-based email to a specific set of IP addresses.

NetBank & CommBiz

NameCheck

  • NameCheck is a security tool that searches the account details you’ve entered when making a first-time payment in NetBank and the CommBank app. Based on our available payment data, NameCheck will then indicate whether the account details look right. For example, if we’ve never seen an account name used for a particular BSB and account number, we’ll prompt you to take further steps to help ensure you’re paying the right person or business.

In-app security

  • We may notify you if we notice irregular transactions or logins on your account. Ensure you activate location-based security and review your registered devices. Turn on your notifications in the CommBank app to receive alerts.

CallerCheck

  • Received a call from us? CallerCheck allows you to verify whether a caller claiming to be from CommBank is legitimate, by triggering a security notification in your CommBank app.
  • Activate location-based security and change international money transfer limits to $0 if you don’t need to transfer money overseas.

NameCheck

  • NameCheck is a security tool that searches the account details you’ve entered when making a first-time payment. Based on our available payment data, NameCheck will then indicate whether the account details look right. For example, if we’ve never seen an account name used for a particular BSB and account number, we’ll prompt you to take further steps to help ensure you’re paying the right person or business.

    Pay close attention to the NameCheck prompts for every payment, especially when dealing with new beneficiaries. Soon, NameCheck will also support bulk payments, providing an extra layer of security for those transactions.

Use roles and enforce restrictions

Process

    • Double-up and require multiple authorisers for large payments and enforce separation of duties, no exceptions
    • Double check payment or change of account requests using an alternative communication method: a verified phone number, or in person
    • Double down on restricting how much information you reveal about your suppliers and staff on public websites and social media.

People

    • Train staff to understand business email compromise so they can recognise the threat
    • Speak-up culture, so staff challenge any unusual requests for payment, even if they seem to come from senior people
    • Always verify and encourage a culture where staff don't automatically trust email communications
    • Cyber hygiene practised, such as using strong passphrases that are not re-used across accounts, and awareness of phishing scams.

More resources


Cyber Wardens

Cyber Wardens is backed by an alliance of industry and government supporters, including CommBank, to help small businesses build their cyber capabilities.


CommBiz security

CommBiz uses security features to help protect your business's finances.


How to set up multi-factor authentication

Australian Cyber Security Centre

To learn more about protecting your business, visit the Australian Cyber Security Centre.


Things you should know

  • This article is intended to provide general information of an educational nature only. It does not have regard to the financial situation or needs of any reader and must not be relied upon as financial product advice. As this information has been prepared without considering your objectives, financial situation or needs, you should, before acting on it, consider its appropriateness to your circumstances.