Business email compromise scams
Fraudsters often use email to impersonate a legitimate business or valid employee for financial gain. Spot the signs to avoid becoming a victim.
Operating a successful company requires dedication, vision and hard work. Unfortunately, there are unethical operators who prefer to take advantage of the efforts of others rather than build their own enterprise.
According to the Australian Competition and Consumer Commission (ACCC), business email compromise scams cost companies a whopping $132 million in 2019, the highest losses of all types of scams.
What is a business email compromise scam?
A business email compromise scam is a type of cybercrime where fraudsters use email to impersonate a legitimate business or valid employees of a company and request that money or goods be sent to a fraudulent account.
There are several different techniques that scammers commonly use:
- Invoice fraud: Criminals compromise the email account of a genuine vendor and gain access to legitimate invoices of their clientele. The fraudsters edit the contact and bank details on the invoices. Customers pay the fake invoice believing it is a valid bill from a trusted vendor, but instead deposit the funds into the scammer’s bank account.
- Employee impersonation: Criminals compromise the email account of a valid employee of a company and impersonate that worker. If the compromised email belongs to a senior colleague such as a CEO, instructions are given to create a false invoice with fraudulent methods of payment. Another approach is to use the compromised email of an employee to update their banking details, depositing their salary into the criminal’s bank account.
- Company impersonation: Criminals register a domain with a name similar to a familiar organisation. The fraudsters then impersonate the trusted organisation in an email to a vendor and request a quote for a large number of expensive goods, such as laptops or mobile phones. The fake company negotiates with the legitimate vendor to deliver the goods to a false recipient at a certain location, but the invoice is sent to the legitimate organisation, which never ordered or received the goods.
How to protect yourself
By taking precautionary measures, a company can prevent business email compromise scams from costing them time and money.
- Always confirm banking details, even if it is an organisation that you have worked with before.
- Check the details of a sender’s name and logo. Slight variations of a trusted organisation are a red flag that the email is not legitimate.
- Compare suspicious correspondence to emails that you have received from the same organisation in the past.
- Exercise caution when opening emails from unknown senders, and avoid clicking on links or opening attachments.
- Grammatical and spelling errors are a warning sign that the email of a legitimate business has been compromised.
- Do not take action on urgent requests for payment or threats of serious consequences if payment is not made.
If you are the target of a business email compromise scam, or any other type of scam, you can report the incident to Scamwatch. If you feel your accounts may have been compromised as a result of a scam or fraud, please contact us on 13 13 86.
This article is intended to provide general information of an educational nature only. Information in this article is current as at the date of publication.