18 February 2022

Time and time again, we’re hearing of practices whose business emails have been compromised, and we’re concerned that it seems to be on the increase.

Criminals use emails and information known about a company to abuse the trust in business processes, aiming to scam organisations for large sums of money.

Business email compromise takes many forms, and a hacker does not always need access to a network to carry out a scam.

Company Impersonation

Company impersonation is extremely common and poses a great risk to a business of any size. A hacker registers a domain very similar to the genuine one (for example, one resembling @plannedcover.com.au) and sends an email to a client requesting that funds be paid into a fake bank account, or giving other instructions which will result in financial or data loss.

This is a RED FLAG moment!! If there has been a change of bank account details in any emails you receive, do not act on the request until you have confirmed these details with a trusted person over the phone. Also, never click on unknown links or documents within such emails.
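A mail filter or helpdesk script can flag look-alike sender domains before anyone reads the message. The Python below is an added example, not part of the original article; the character-swap map, the distance threshold and the sample addresses are constructed assumptions.

```python
from email.utils import parseaddr

TRUSTED = {"plannedcover.com.au"}  # domain named in the article; add your own
# Constructed, non-exhaustive map of look-alike character swaps (assumption).
CONFUSABLE = {"0": "o", "1": "l", "rn": "m", "vv": "w"}

def skeleton(domain):
    """Collapse common visual substitutions so 'c0ver' compares equal to 'cover'."""
    for fake, real in CONFUSABLE.items():
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap adjacent) needed to turn a into b."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify_sender(from_header, trusted=TRUSTED, max_distance=2):
    """Return 'exact-match', 'lookalike', 'unknown' or 'unparseable'."""
    _, addr = parseaddr(from_header)       # uses the address, not the display name
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return "unparseable"
    if domain in trusted:
        # Only rules out a look-alike domain; the account itself may be compromised.
        return "exact-match"
    for good in trusted:
        if (skeleton(domain) == skeleton(good)
                or domain.split(".")[0] == good.split(".")[0]   # same name, other suffix
                or edit_distance(domain, good) <= max_distance):
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for header in ["Accounts <accounts@plannedcover.com.au>",   # constructed samples
                   "Accounts <accounts@plannedc0ver.com.au>",
                   "Accounts <accounts@plannedcvoer.com.au>",
                   "Accounts <accounts@plannedcover.com>",
                   '"Planned Cover Accounts" <pay@example.net>']:
        print(f"{classify_sender(header):12} {header}")
```

A "lookalike" result is a reason to phone the sender on a known number; an "exact-match" result still needs the same phone check whenever bank details change.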

Be vigilant and do the necessary checks

Such attempts can be challenging to identify, but recipients should always rely on their instinct and judgement of the email. Ask yourself: is it expected? Is the language unusual? Are there spelling errors or missing letters? Have they started a new email thread, instead of replying to the original correspondence?

A trusted domain name or accurate email address does not always imply a safe email. There is always the risk of a compromised email account and of a hacker making the most of the information they can gather. If you are suspicious about any email you receive, even from a trusted person, please raise your concerns with your IT Helpdesk or service provider, or simply speak with the trusted person to confirm they actually sent the email and that any changes to banking details, or other instructions, are legitimate.