In 2016, Australian businesses reported losses of around $3.8 million to scams, according to the Australian Competition and Consumer Commission1.
One common scam that affects businesses in Australia is email payment fraud, also known as business email compromise (BEC). This typically involves impersonation of a senior executive or supplier who makes a request for a payment or to change recipient details for future payments.
Here are four steps you can take to help protect yourself and your business against these type of scams.
1. Look for signs of fraud
Email payment scams are designed to appear as ‘business as usual’ requests for payment, but there are some potential warning signs to help you to identify a fraudulent request. The more of these flags you see, the more careful you should be before responding.
- The request is marked ‘confidential’ and ‘urgent’
- There is unusual language or formatting from the sender
- The ‘reply to’ email doesn’t match the sender’s email
- The bank account listed is different to commonly used accounts
- You’re asked to ignore your payment authorisation process
2. Act with caution
If you doubt an email request is legitimate, take extra steps to validate the email.
- Call up the sender to confirm the request sent over email was legitimate. Use the phone number listed for the sender in your internal directory or customer relationship management system, never the number listed in the email
- Escalate if something feels suspicious
3. Educate your employees
Make sure your employees know how to recognise and prevent these types of email scams. Some strategies include:
- Training your employees to watch out for suspicious emails
- Adding a multi-person approval process for verifying and paying new accounts or for payments above an agreed threshold
- Raising awareness of the consequences of posting business information on social media
- Keeping up to date with the latest scams
4. Get in touch with your bank
If you’ve transferred money to a wrong bank account as the result of a fraudulent email, let your bank know immediately.
CommBank customers can call 13 2221 and select option 4 at any time.