The hidden threat behind everyday business emails
Business Email Compromise, often called BEC, is one of the most common and costly scams affecting Australian businesses today. These scams do not rely on obvious warning signs or suspicious-looking messages. Instead, they take advantage of trust, routine processes and busy teams.
Understanding how BEC scams work, what to look for and how to verify payment changes can significantly reduce the risk of financial loss.
What are Business Email Compromise scams?
A Business Email Compromise scam happens when a criminal impersonates a trusted supplier, staff member or business contact to trick a business into sending money to the wrong bank account.
The scam usually involves a request to change bank details or make a payment that appears legitimate. Emails often include real-looking invoices, familiar branding and correct reference numbers. In some cases, the scammer is replying directly within an existing email conversation.
Business Email Compromise scams explained
This short video explains how Business Email Compromise scams work, why legitimate-looking emails and invoices are used and the simple checks businesses can make to reduce the risk of payment redirection fraud.
How these scams typically happen
BEC scams often begin long before a payment request is sent. Scammers may gain access to a real email account through phishing, weak passwords or unsecured systems. Once inside, they quietly monitor email conversations to understand supplier relationships, payment timing and internal processes.
When the time is right, the scammer sends an email requesting a change to bank details or asking for an urgent payment. The message may appear to come from a known supplier or colleague and may use identical language to earlier emails.
In other cases, the criminal may not access the mailbox at all but instead closely imitate the sender’s email address, logo and writing style to make the request look authentic.
The simple habit that prevents most losses
One of the most effective protections against BEC scams is also one of the easiest actions to take. Always verify bank detail changes before making a payment.
If a supplier or colleague asks to update payment information, call them using a phone number you already trust. Do not rely on contact details provided in the email. This quick phone call catches the majority of payment redirection scams and can save significant time, stress and money.
Verification should feel routine and supported, not inconvenient or uncomfortable.
How to help protect your inbox and payment process
Secure email access
Turn on multi-factor authentication for all email accounts.
Strengthen passwords
Use strong, unique passwords and a password manager.
Monitor inbox activity
Check inbox rules and forwarding settings regularly.
Control payment changes
Restrict who can add or change supplier bank details.
Add an approval step
Require two approvals for new or updated payees.
What to do if you think you have been scammed
If you believe a payment may have been sent to the wrong account, it is critical to act immediately. Contact Regional Australia Bank straight away so we can take urgent steps to assist your business where possible.
You should also secure your email accounts by changing passwords, enabling or reinforcing multi-factor authentication and checking for unusual inbox rules or forwarding settings. Let the relevant people in your business know what has happened so further payments are not made in error.
Early action and reporting help protect your business and allow us to support you through the next steps.
Visit the Security Hub
Our Security Hub is a go-to destination for staying informed about online threats. It offers practical tips, scam alerts, and easy-to-use tools that help you recognise and respond to risks with confidence.
Trusted support services
Scamwatch & National Anti-Scam Centre
Scamwatch, run by the Australian Competition and Consumer Commission, provides information on how to recognise, avoid, and report scams. It’s part of the broader work of the National Anti-Scam Centre, which brings together government, industry, and community efforts to disrupt scams and protect Australians.
Australian Cyber Security Centre
The ACSC is the Australian Government’s lead agency for cyber security. It provides up-to-date alerts, advice, and resources to help individuals and businesses protect themselves online. It also plays a key role in coordinating national responses to cyber threats.
MoneySmart
MoneySmart, by the Australian Securities & Investments Commission, offers free and confidential financial counselling services. If you’ve been financially impacted by a scam, they can help you get back on track.
ReportCyber
Managed by the Australian Government, ReportCyber is the official platform for reporting cybercrime and online incidents. It also offers guidance on what to do if you’ve been affected by a cyber incident.
Disclaimers
This content is informed by resources from the Australian Government’s Scamwatch website. For more information and resources on protecting yourself from scams, visit www.scamwatch.gov.au. Regional Australia Bank Ltd ABN 21 087 650 360 AFSL & Australian Credit Licence 241167.