Business Email Compromise

Is your business at risk of email compromise? Business email compromise is when criminals use email to abuse trust in business processes to scam organisations out of money or goods (Business email compromise | Cyber.gov.au). This happens through the impersonation of business representatives. Criminals may use similar names, domains, and logos, or they may use a compromised email account to impersonate an employee.

There are three common scams around business email compromise:

Invoice fraud: 

This is when a business’s email account is compromised, and the hackers gain access to legitimate invoices. They can then edit the bank details on these invoices and send them to customers through the compromised email account – looking VERY legitimate. The customer will then pay the invoice into the hackers’ account.

Employee impersonation: 

A hacker may choose to target an individual’s work email and impersonate a person in power. The most common ways they commit fraud using this tactic are by having a false invoice raised or by requesting a change to a worker’s bank details. The payment of the invoice or the worker’s salary will then be deposited into the hacker’s account.

Company impersonation:

The criminals may choose to purchase a domain that closely resembles the company’s name. This allows them to impersonate the company and target its suppliers. They will request a quote for an expensive purchase and convince the supplier to deliver now and accept payment later. The goods are then delivered to a specified address, and the invoice gets sent to the legitimate company.

If your business has been targeted, you can:

  1. Report to authorities: Report the incident to the ACSC at ReportCyber: Are you a victim of Cybercrime?
  2. Check account security: Secure any compromised accounts.
  3. Notify contacts and relevant third parties: Alert all employees and clients.
  4. Seek assistance defending your online brand: Domain names are your internet mail address and your online business identity. If your company has been impersonated, reach out on ReportCyber: Are you a victim of Cybercrime?
  5. Contact the email provider: If someone is using an email service to impersonate you (like Gmail or Outlook.com), report this to the provider.

List source: Business email compromise | Cyber.gov.au