Help & support
Scams rely on people within a business being tricked into transferring money to accounts they shouldn't. To prevent scams, we encourage the following:
Before you make a first-time payment for any amount you are not prepared to lose, call the person or organisation you are paying on a trusted number.
Ensure all of your accounts, especially email accounts, have strong, unique passwords and are setup with second-factor authentication (e.g. SMS).
Setup a payments approval process for your business, preferably requiring multiple approvers, with no exceptions.
Encourage a culture where staff are comfortable to question a payment instruction even if it’s from a senior executive.
Business email compromise scams target businesses of all sizes. They involve emails from a compromised email address, or emails made to look like they are from someone you know, such as:
These scams involve emails sent to you or your business with a request to make payment to a new account. This new account may be under the scammer's control, and your money could be lost. If you get an email with a request to pay a new account, or an invoice with different account details to those usually used - pause, review, reflect. Think about calling the sender of the email before paying.
One BEC variation that's prevalent is payroll scams. In these kinds of scams, cyber criminals impersonate employees in an attempt to trick staff into redirecting funds to the scammer. Staff working in HR, payroll or finance are most at risk.
Educating staff on how to spot these fraudulent emails will mean your business isn’t compromised and money isn’t lost. Here’s how to keep your business safe, as recommended by the Australian Cyber Security Centre.
It’s vital to educate your staff on what common scams look like so they can recognise them, report them and help safeguard your business from potentially costly mistakes.
How to keep your business secure in the age of remote working
Successfully scaling up your business' remote working capability requires attention to make sure the security of devices, connections, tools and people are up to scratch.
Understanding business email scams
Email scams that target business have evolved and these days often look very similar to legitimate business emails, such as an expected invoice or payment request. That's why it's important to understand how they work.
If you haven't engaged with its contents, such as clicking a link or replying to it, report it to CommBank's 24/7 Cyber Security Centre by forwarding it to hoax@cba.com.au, then delete the message.
