ACCC warns businesses to beware of BEC scams

- November 27, 2018 2 MIN READ

The ACCC’s Scamwatch is warning businesses about business email compromise (BEC) scams.

This year, reports to Scamwatch about these scams have grown by a third, with businesses reporting losses totalling $2.8 million – accounting for 63 per cent of all business losses reported to Scamwatch.

What are BEC scams?
This is when a hacker accesses a business’s email account or ‘spoofs’ a business’s email so their emails appear to come from the company. The hacker then sends emails to customers to notify them that the business’s banking details have changed and that future invoices should be paid to a new account.

These emails look legitimate as they come from one of the business’s official email accounts. Customers then start making payments into the hacker’s account.

In other variations of the scam, the hacker will send an email internally to a business’s accounts team, pretending to be the CEO, asking for funds to be urgently transferred to an off-shore account.

Hackers may also request salary or rental payments be directed to a new account.

Protect your small business
As a first step, all small businesses should urgently review how they verify and pay accounts and invoices.

Consider a multi-person approval process for transactions over a certain dollar threshold.

Check directly with your supplier if you notice a change in account details – don’t just rely on return email, instead find older communications to ensure you have the right contact details or otherwise independently source them. 

Keep your IT security up-to-date with anti-virus and anti-spyware software and a good firewall.

If you fall victim to BEC scams, contact your financial institution immediately and consider professional IT advice to ensure your email systems and data are secure from hackers.

Businesses can report scams to and also subscribe to Scamwatch on Twitter and Scamwatch radar alerts to keep up to date with the latest scams affecting the business community.

Popular in the network