Help & support
Business email compromise (BEC) is a type of scam where scammers impersonate individuals or organisations to trick business owners or employees into sending money/sensitive information. This is often done by taking over a real email account or using an email address that looks very similar to a legitimate address.
These scams often involve fake invoices, requests to change payment details or urgent messages that appear to come from senior executives or trusted suppliers.
Scammers often use a method called business email compromise to trick businesses into sending money to the wrong bank account or sharing sensitive information.
These emails often look like they’re from someone you trust – a manager, supplier or customer – and may ask you to update bank account details or make a payment to a new account.
Everyone is vulnerable to email scams. Remember: Stop. Check. Reject.
Scammers often use a method called business email compromise to trick businesses into sending money to the wrong bank account or sharing sensitive information.
These emails often look like they’re from someone you trust – a manager, supplier or customer – and may ask you to update bank account details or make a payment to a new account.
Everyone is vulnerable to email scams. Remember: Stop. Check. Reject.
Business email compromise attacks can be hard to spot, but there are warning signs to watch for:
If something feels off, always verify the request by calling the person directly using a trusted contact number you have sourced yourself.
Australian Cyber Security Centre Small Business Guide
This guide includes basic security measures to help protect your business against common cyber security threats.
Build cyber resilience with Cyber Wardens
Developed with the Council of Small Business Organisations Australia and Telstra, the Cyber Wardens program helps you build cyber resilience for your small business.
If you haven't engaged with its contents, clicked a link or replied to it, report the email to CommBank's 24/7 Cyber Security Centre by forwarding it to hoax@cba.com.au, then delete the message.
1 Australian Government, ScamWatch: Business email compromise scams cost Australians $132 million | Scamwatch
This information is intended to provide general information of an educational nature only. It does not have regard to the financial situation or needs of any reader and must not be relied upon as financial product advice. As this information has been prepared without considering your objectives, financial situation or needs. You should, before acting on this, consider the appropriateness to your circumstances.
