Share this article on:
The Australian Cyber Security Centre (ACSC) has released a new publication – Protecting Against Business Email Compromise – to help Australians defend against these deceptive and expensive scams.
Business email compromise is when criminals use email to abuse trust in business processes to scam organisations out of money or goods. Criminals can impersonate business representatives using similar names, domains and/or fraudulent logos as a legitimate organisation or by using compromised email accounts and pretending to be a trusted co-worker.
Head of the Australian Cyber Security Centre, Abigail Bradshaw, CSC, said there has been a significant increase in the use of business email compromise (BEC) scams by cyber criminals: "This type of fraud has been used to hoodwink many Australians and Australian businesses, out of often very large sums of money."
Common scams associated with business email compromise include:
"In 2019-20 financial year there were 4,255 reports of BEC scams reported through the ACSC’s ReportCyber tool, representing losses of over $142 million. This advisory will help you to identify scams, prevent email accounts from being compromised, and prevent damage to your business reputation," Bradshaw explained.
The Protecting Against Business Email Compromise publication, and other easy to follow cyber security information and advice, is available at cyber.gov.au. You can report cyber crime by going to www.cyber.gov.au and ReportCyber, providing a single online portal for individuals and businesses on behalf of federal, state and territory law enforcement agencies.
If you have been the victim of business email compromise, follow these steps as soon as possible:
Bradhsaw added, "This advisory will help you to identify scams, prevent email accounts from being compromised, and prevent damage to your business reputation."
The Australian government Information Security Manual (ISM) assists in the protection of information that is processed, stored or communicated by organisations’ systems. The Strategies to Mitigate Cyber Security Incidents complements the advice in the ISM.