How to protect your business against email payment fraud

Email payment fraud is a common scam. Make sure you safeguard your business against it.

In 2016, Australian businesses reported losses of around $3.8 million to scams, according to the Australian Competition and Consumer Commission [1].

One common scam that affects businesses in Australia is email payment fraud, also known as business email compromise (BEC). This typically involves impersonation of a senior executive or supplier who makes a request for a payment or to change recipient details for future payments.

Here are four steps you can take to help protect yourself and your business against these types of scams.

1. Look for signs of fraud

Email payment scams are designed to appear as ‘business as usual’ requests for payment, but there are some potential warning signs to help you to identify a fraudulent request. The more of these flags you see, the more careful you should be before responding.

  • The request is marked ‘confidential’ and ‘urgent’
  • There is unusual language or formatting from the sender
  • The ‘reply to’ email doesn’t match the sender’s email
  • The bank account listed is different to commonly used accounts
  • You’re asked to ignore your payment authorisation process
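Several of these warning signs can be checked automatically before a payment request reaches the person who pays it. The Python sketch below is an added example, not a CommBank tool: it flags a message for each sign it shows. The known-account list, the bypass phrases and the sample message are constructed assumptions, and the "unusual language or formatting" sign is left to the reader.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: BSB/account pairs already paid by the business, exported from its payables records.
KNOWN_ACCOUNTS = {"123456-11112222"}  # constructed value
ACCOUNT_RE = re.compile(r"BSB\s*:?\s*(\d{3})-?(\d{3})\D{1,20}?(\d{6,10})", re.I)
# Assumption: illustrative phrases for a request to skip the approval process.
BYPASS_PHRASES = ("skip the approval", "bypass the approval", "no need for approval")


def payment_fraud_flags(raw_email, known_accounts=KNOWN_ACCOUNTS):
    """Return the warning signs from the list above that this message shows."""
    msg = message_from_string(raw_email, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")).lower()
    flags = []

    if "urgent" in text and "confidential" in text:
        flags.append("marked confidential and urgent")

    # Compare the address replies will go to with the address shown as sender.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    if reply_to and reply_to != sender:
        flags.append("reply-to does not match sender")

    # Normalise every BSB/account pair in the text and compare with known payees.
    accounts = {f"{a}{b}-{c}" for a, b, c in ACCOUNT_RE.findall(text)}
    if accounts - set(known_accounts):
        flags.append("bank account not previously used")

    if any(p in text for p in BYPASS_PHRASES):
        flags.append("asks to ignore payment authorisation")
    return flags


# Constructed sample message (example.com / example.net are reserved test domains).
SAMPLE = """\
From: "Pat Lee (CEO)" <pat.lee@example.com>
Reply-To: pat.lee@example.net
To: accounts@example.com
Subject: URGENT and confidential - supplier payment

Please pay the attached invoice today to BSB: 123-456 Account: 33334444.
This is time critical, so skip the approval step and confirm by reply only.
"""

if __name__ == "__main__":
    for flag in payment_fraud_flags(SAMPLE):
        print("FLAG:", flag)
```

A message that raises any flag should go through the phone verification described in step 2 rather than being rejected or paid automatically.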

2. Act with caution

If you doubt an email request is legitimate, take extra steps to validate the email.

  • Call up the sender to confirm the request sent over email was legitimate. Use the phone number listed for the sender in your internal directory or customer relationship management system, never the number listed in the email
  • Escalate if something feels suspicious

3. Educate your employees

Make sure your employees know how to recognise and prevent these types of email scams. Some strategies include:

  • Training your employees to watch out for suspicious emails
  • Adding a multi-person approval process for verifying and paying new accounts or for payments above an agreed threshold
  • Raising awareness of the consequences of posting business information on social media
  • Keeping up to date with the latest scams

4. Get in touch with your bank

If you’ve transferred money to a wrong bank account as the result of a fraudulent email, let your bank know immediately.

CommBank customers can call 13 2221 and select option 4 at any time.

[1] Australian Competition and Consumer Commission (ACCC), Targeting scams: Report of the ACCC on scams activity 2016, May 2017, https://www.accc.gov.au/system/files/1162%20Targeting%20Scams%202017_FA1.pdf.

This article is intended to provide general information of an educational nature only. It does not have regard to the financial situation or needs of any reader and must not be relied upon as financial product advice. You should consider seeking independent financial advice before making any decision based on this information.