//Blogs - 24 Jun 2020

Business Email Compromise

June 2020 update

Here at AusCERT, we’ve again seen an increase in instances of business email compromise and would like to take this opportunity to update the list of useful resources on this topic. 

Scammers will take advantage of any opportunity to steal your money, personal information, or both. Right now, they are using the uncertainties surrounding the COVID-19 pandemic and remote working. 

You may find the following articles useful: 

Advice from the ACSC (cyber.gov.au): Understanding and preventing BEC
Scamwatch: The cost of BEC (report from 2019)
Threatpost: General advice from Threatpost on issues caused by working from home, including BEC


We’ve blogged about this before, but instances of business email compromise (BEC) are increasing.

The FBI is warning potential victims of a dramatic increase in the BEC scam, with a 270% increase in identified victims and exposed loss since January 2015. From October 2013 through February 2016, losses have exceeded USD 2.3 billion.

BEC scams work because they target specific employees of an organisation with email that appears to be from their CEO, asking for a wire transfer of funds to a nominated recipient. Criminals either compromise the CEO’s email account through phishing, or they use a very similar domain to the targeted organisation to send the message from.

Often, the fraud targets organisations that regularly perform wire transfer payments. The emails avoid being caught as spam because they are not mass-mailed and address specific individuals.

There are some actions you can take to combat this threat:

  • Educate users, particularly those that handle payments, of the nature of the attack.
  • Follow up email requests with a telephone call to verify their veracity.
  • Implement appropriate checking of financial transactions.
  • Implement Sender Policy Framework (SPF) to prevent attackers from impersonating your domain; and to help detect and block emails sent to your organisation that use forged domains.
  • Don’t click on links or open attachments in unsolicited emails.
  • Keep desktop anti-malware up to date.
  • Don’t use your computer day-to-day with an administrator account.