
Email Compromise Scams

This article uses a buyer paying a deposit as the example, but this type of scam can apply to anyone who is transferring a large amount of funds.

What is a business email compromise scam?

A business email compromise scam occurs when your business email account is compromised and then monitored for legitimate emails you send containing trust deposit details, including a BSB and account number for a sales deposit. The scammer then immediately sends another email, using your email stationery, telling the recipient that the account details were incorrect and that they should instead transfer the funds to the “correct” account details.

This results in unsuspecting buyers transferring their deposit to the scammer's account, and in most cases the funds are not recoverable.
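The pattern described above, a deposit email followed by a second email to the same recipient with a different BSB and account number, can be checked for in a mailbox's sent items. The following is an added example, not part of the original article; the addresses, bank details and message text are constructed, and it assumes plain-text, single-part messages supplied in the order they were sent.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# BSB is six digits, often written NNN-NNN; the account number is matched as
# 6 to 12 digits and spaces following the word "account".
BSB_RE = re.compile(r"BSB\D{0,15}(\d{3})[\s-]?(\d{3})", re.I)
ACCT_RE = re.compile(r"account\s*(?:number|no\.?)?\D{0,15}(\d[\d ]{4,10}\d)", re.I)

# Constructed sent-items sample: the second message is the fraudulent "correction".
SENT_ITEMS = [
    "From: agent@agency.example\nTo: Buyer <buyer@mail.example>\n"
    "Subject: Deposit instructions\n\n"
    "Please pay the deposit to our trust account.\nBSB: 012-345\nAccount number: 1234 5678\n",
    "From: agent@agency.example\nTo: buyer@mail.example\n"
    "Subject: Re: Deposit instructions\n\n"
    "Sorry, the account details were incorrect. Use BSB 987 654, account number 87654321.\n",
    "From: agent@agency.example\nTo: other@mail.example\n"
    "Subject: Deposit instructions\n\n"
    "BSB: 012-345\nAccount number: 12345678\n",
]

def payment_details(body):
    """Return (bsb, account) with separators removed, or None if either is missing."""
    bsb, acct = BSB_RE.search(body), ACCT_RE.search(body)
    if not (bsb and acct):
        return None
    return bsb.group(1) + bsb.group(2), acct.group(1).replace(" ", "")

def find_changed_details(raw_messages):
    """Flag any message whose bank details differ from the first ones sent to that recipient."""
    first_seen, alerts = {}, []
    for raw in raw_messages:
        msg = message_from_string(raw)
        rcpt = parseaddr(msg["To"])[1].lower()
        details = payment_details(msg.get_payload())
        if details is None:
            continue  # message carries no payment instructions
        original = first_seen.setdefault(rcpt, details)
        if details != original:
            alerts.append((rcpt, original, details))
    return alerts

if __name__ == "__main__":
    for rcpt, old, new in find_changed_details(SENT_ITEMS):
        print(f"ALERT {rcpt}: bank details changed from {old} to {new}")
```

A flagged message is a prompt to phone the recipient on a trusted number before any funds are transferred.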

How does my email account become compromised?

The most common way your email account is compromised is by a scammer getting hold of your email account username and password, allowing them to log in to your account and monitor your sent items. This usually happens through malicious email attachments that, once opened, “lift” your account details from your computer and send them back to the scammer.

What can you do to help protect against this type of scam?

Include instructions on how the buyer can verify the provided BSB and account number, including how to contact your office on a trusted phone number. This might be instructions on how to Google your business, and find a trusted phone number on your website. A scammer can easily put a phone number into the fake email, and impersonate your office, so it is important to provide steps that would allow someone to independently verify your phone number.

Include a message in your deposit instruction emails on what to do if the buyer receives a follow-up email to change the BSB or account number. You can copy and paste our example:

IMPORTANT: Changes in BSB, account number or how to pay
If you receive a follow-up email or phone call from us claiming that the BSB and/or account number in this email is incorrect, or that we have provided you with incorrect instructions on how to pay, please contact our office or your sales agent immediately by phone. Do not transfer any funds until you have spoken directly with a trusted person involved with this transaction, and can verbally confirm the payment instructions.

Don’t open attachments from people you don’t recognise. This is the number 1 way a scammer will get your email account username and password: you open an attachment that is able to “lift” your account details from your computer and send them back to the scammer.

Install an anti-virus, and make sure it is up-to-date. This will help to ensure email attachments designed to compromise your email account are caught early. Anti-virus products don’t always work, so it is important to remain vigilant. If you have managed IT services for your business, contact your supplier to ensure this is part of your plan.

Contact your bank and find out how you can activate PayID on your account using your ABN. Deposits can then be “sent to your ABN”, and funds will appear in your account instantly. PayID also includes a mechanism that lets the person sending the funds verify your company name before the transfer is completed.

If you need to contact your bank…

You should report any suspicious activity regarding your bank account directly to your banking provider.

ANZ 13 70 28
Westpac 1300 364 294
CommBank 13 22 21
NAB 13 10 12
Bendigo Bank 1300 236 344
