Business email scam

Be alert: If you have been a victim of a cybercrime such as fraud, report it to the Australian Cybercrime Online Reporting Network. More details | cyber.gov.au/threats/business-email-compromise
Be alert: If you have been a victim of a cybercrime such as fraud, report it to the Australian Cybercrime Online Reporting Network. More details | cyber.gov.au/threats/business-email-compromise

Police are reminding businesses to stay vigilant when using emails to avoid becoming victim to cyber fraudsters through a business email compromise (BEC).

A BEC occurs when an individual or a company receives a fake invoice purporting to be from a service or goods provider, expecting payment to the fraudster's account or another account which will then transfer the funds to the fraudster.

BEC usually takes one of four basic forms:

  1. Executive fraud: The cybercriminal successfully masquerades an executive's email address and then sends a message to staff in your business directing them to transfer funds to the scammer's account.
  2. Legal impersonation: The cybercriminal masquerades as a lawyer or legal firm representative requesting payment for an urgent and sensitive matter.
  3. Invoice fraud: The cybercriminal masquerades as a trusted supplier and sends a fake invoice to your business.
  4. Data theft: A cybercriminal may masquerade as a trusted person to request sensitive information which can be used as part of a larger scam.

Police are urging individuals and companies to review their received emails to determine if any letters or symbols in the email have been altered. If changes or alterations are detected, companies need to have their computer examined by an IT technician for any possible spyware such as keylogger. Company emails can be infected by a Trojan virus, which can be very difficult to detect, and allows a third party to intercept communications.

Should individuals or companies suspect this may have occurred to them, they should change their password immediately and inform all their contacts of their 'business email compromise' to reduce further victimisation.

Staff should be on the lookout for warning signs like an email sent from someone in a position of authority who wouldn't normally send payment requests, urgent payment emails which threaten consequences and suppliers providing new bank account details.