Business Email Compromise

Written by: Institute of Certified Bookkeepers

What is Business Email Compromise?

Business email compromise is when criminals use email to abuse trust in business processes to scam organisations out of money or goods. Criminals can impersonate business representatives by using names, domains and/or fraudulent logos similar to those of a legitimate organisation, or by using compromised email accounts and pretending to be a trusted employee.

Common scams associated with business email compromise include:

  • Invoice fraud: Criminals compromise a vendor’s email account and through it have access to legitimate invoices. The criminals then edit contact and bank details on those invoices and send them to customers from the compromised email account. The customer pays the invoice, thinking they are paying the vendor, but instead sends that money to criminals’ bank accounts.
  • Employee impersonation: Criminals compromise a work email account and impersonate a co-worker via email. Criminals can use this identity to commit fraud in a number of ways. One common method is to impersonate a person in power (such as a Chief Executive Officer or Chief Financial Officer) and have a false invoice raised. Another method is to request a change to a worker’s banking details. The funds from the false invoice or the worker’s salary are then sent to criminals’ bank accounts.
  • Company impersonation: Criminals register a domain with a name very similar to a large, known and trusted organisation. Criminals then impersonate the organisation in an email to a vendor and request a quote for a quantity of expensive goods, like laptops. Criminals negotiate for the goods to be delivered to them prior to payment. The goods are delivered to a specified location; however, the invoice is sent to the legitimate organisation, who never ordered or received the goods.
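The scams above leave two signals an accounts team can check before paying: a sender domain that only resembles a known vendor's, and bank details that differ from the record on file. The Python sketch below is an added example, not part of the original article; the vendor record, domain names, account numbers and function names are all constructed for illustration.

```python
# Constructed vendor master record; every name and number here is hypothetical.
VENDORS = {"acme-supplies.example": {"bsb": "062-000", "account": "12345678"}}

# Common visual substitutions used in similar-looking domains.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(domain):
    """Collapse visually confusable characters so look-alikes compare equal."""
    domain = domain.lower()
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a, b):
    """Levenshtein distance, computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]


def match_vendor(domain):
    """Return (trusted_domain, is_lookalike), or (None, False) for a stranger."""
    domain = domain.lower()
    if domain in VENDORS:
        return domain, False
    for trusted in VENDORS:
        if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= 2:
            return trusted, True
    return None, False


def review_invoice(sender, bsb, account):
    """Return findings that should hold payment until verified by phone."""
    vendor, lookalike = match_vendor(sender.rsplit("@", 1)[-1])
    if vendor is None:
        return ["unknown-sender"]
    findings = ["lookalike-domain"] if lookalike else []
    # A compromised genuine mailbox passes the domain check, so the bank
    # details on the invoice are always compared with the record on file.
    on_file = (VENDORS[vendor]["bsb"], VENDORS[vendor]["account"])
    if (bsb, account) != on_file:
        findings.append("bank-details-changed")
    return findings
```

An invoice sent from the vendor's real but compromised mailbox produces only the bank-details finding, which is why a change of payment details is confirmed using a phone number already on file rather than one taken from the email.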

If you’ve been targeted:

  1. Report to authorities: Report the incident to the ACSC at ReportCyber: Are you a victim of Cybercrime?
  2. Check account security: Secure any compromised accounts.
  3. Notify contacts and relevant third parties: Alert all employees and clients.
  4. Seek assistance defending your online brand: Domain names are your internet mail address and your online business identity. If your company has been impersonated, reach out on ReportCyber: Are you a victim of Cybercrime?
  5. Contact the email provider: If someone is using an email service to impersonate you (like Gmail or, report this to the provider.

Source: Business email compromise |
