Business email compromise (BEC) is a type of targeted phishing (spear phishing). The fraudster researches and/or impersonates their target in order to scam them for money, goods, or sensitive information/data that can be used in a later attack. There are several variations of this type of scam, the most common being variations of employee impersonation and invoice fraud.

Employee impersonation

The fraudster may target a business, posing as an employee, usually high-ranking. They may send email correspondence to an employee, from a spoofed email address, or they may use a compromised employee email account. The correspondence will generally request payment of an invoice/bill, or it may request sensitive information about the business or business accounts. The email may even request the purchase of gift cards to then have the details provided to the fraudster to redeem. Another common form of this scam is payroll redirection requests, where the fraudster will pose as an employee, requesting their payroll team to pay a salary into a new account number.

How to protect yourself:

  • If you receive an unusual email from a colleague asking for payment of a bill, or information that seems out of character, check the email address by hovering over the sender’s name to see the true email address as this can sometimes be spoofed.
  • Call the colleague on their known phone number to verify the request is genuine.
  • Check for any spelling or grammatical errors, and language that seems unusual for that person.
  • Ensure your cybersecurity is strong, keep any software you use up to date, and address any identified security issues in a timely manner.
  • Educate staff on this type of scam, especially those who administer accounts or financials.
  • If a request to change a salary payment is received, ensure that the change is verified with the employee using the known contact details for that employee.

Invoice fraud

The fraudster may target an individual or business by issuing doctored or fabricated invoices or overdue bill notices, with the account details changed to redirect funds to a scam account. The compromise may occur at the supplier’s end, or it may occur on the payer’s end.

How to protect yourself:

  • Check the origin of any emailed invoice or bill and verify the email address is genuine. Hover over the sender to see the true email address, as this can sometimes be spoofed. Remember to still be cautious as the supplier’s email address could in fact be compromised.
  • Call the vendor/supplier to confirm the account details are correct, using their listed phone number on their genuine website.
  • Check for spelling or grammatical errors in the email.
  • Be wary of any request to pay an urgent or overdue bill, and still take the time to review the payment request and where the funds are being sent.
  • If a vendor/supplier you often pay has contacted you with change of account details for future payments, ensure that you verify the request is genuine before updating your payee list.
  • Check your email account is secure, use strong passwords, don’t click on suspicious links or attachments, and avoid giving your email details to untrustworthy entities.
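Both lists above tell the reader to look past the sender’s display name to the true email address. The following added example (not part of the original page) automates that check for a defender or mail administrator: it parses the From and Reply-To headers of a message and flags an address outside the company domain, a look-alike domain that only differs by digit-for-letter substitutions, and a Reply-To that points somewhere other than the From domain. The trusted domain, the substitution table and the sample message are constructed for this illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the display name claims to be a senior colleague, but the
# real address uses a look-alike domain and replies are routed to a free-mail box.
SAMPLE_MESSAGE = """\
From: "Jane Smith (CFO)" <jane.smith@examp1e-corp.com>
Reply-To: jane.smith.cfo@free-mail.example
To: accounts@example-corp.com
Subject: Urgent - invoice payment today

Please pay the attached invoice before close of business.
"""

TRUSTED_DOMAIN = "example-corp.com"  # assumed in-house domain for this example

# Digit-for-letter swaps commonly used in look-alike domains (assumed table).
LOOKALIKE_SUBSTITUTIONS = {"0": "o", "1": "l", "3": "e", "5": "s"}


def normalise(domain: str) -> str:
    """Map look-alike characters back to letters so near-matches compare equal."""
    return "".join(LOOKALIKE_SUBSTITUTIONS.get(c, c) for c in domain.lower())


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def analyse_sender(raw_message: str, trusted_domain: str = TRUSTED_DOMAIN) -> dict:
    """Return the facts a reader would otherwise get by hovering over the sender."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain, reply_domain = domain_of(from_addr), domain_of(reply_addr)
    trusted = trusted_domain.lower()

    warnings = []
    if from_domain != trusted:
        warnings.append(f"From domain {from_domain!r} is not the trusted domain {trusted!r}")
        if normalise(from_domain) == normalise(trusted):
            warnings.append(f"From domain {from_domain!r} is a look-alike of {trusted!r}")
    if reply_addr and reply_domain != from_domain:
        warnings.append(f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}")

    return {"display_name": display_name, "from_address": from_addr,
            "reply_to": reply_addr, "warnings": warnings}
```

A mail gateway or a help-desk triage script can run the same check on every inbound payment request; a non-empty warnings list is the cue to phone the colleague or supplier on a known number before paying.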

Watch this video from the Australian Federal Police to find out more.
