Business email compromise awareness

QPS Media on Dec 31, 2024 @ 11:03am

The Queensland Police Service Crime Intelligence Command’s Financial and Cyber Crime Group is reminding the community to be vigilant following recent reports of business emails being compromised and to implement safeguard measures against scams.Financial and Cyber Crime 

Group’s Detective Acting Superintendent Kerry Lofdahl said business email compromise can involve invoices, either legitimate ones that have been altered or fake invoices, being sent to businesses and individuals for payment, where if paid, funds are transferred into accounts and monies are effectively stolen.

“Businesses can be targeted, as can individuals, so it is important to regularly review email and financial management processes such as being careful with bank account details, checking the rules settings on email applications across all devices and ensuring everyone has processes to verify any change of banking details through a second reliable means of communication other than email,” Detective Acting Superintendent Lofdahl said.

A Business email compromise (BEC) can occur when criminals use email to abuse trust in business processes to scam organisations and individuals out of money or goods.  Criminals can impersonate business representatives using similar names, phone numbers, website domain names and/or fraudulent logos as a legitimate organisation or by using compromised email accounts and pretending to be a trusted co-worker or employee.

Scams associated with a BEC include:

•  Invoice fraud: Criminals compromise a business (vendor) email account and through it have access to legitimate invoices. The criminals then edit contact and bank details on those invoices and send them to customers with the compromised email account. The customer pays the invoice, thinking they are paying the vendor, but instead send that money to bank accounts controlled by criminals.
• Employee impersonation: Criminals compromise a work email account and impersonate a co-worker via email. Criminals can use this identity to commit fraud in several ways. One common method is to impersonate a person in power (such as a Chief Executive Officer or Chief Financial Officer) and have a false invoice raised. Another method is to request a change to a worker’s banking details. The funds from the false invoice or the worker’s salary are then sent to bank accounts controlled by criminals.
• Company impersonation: Criminals register a website domain with a name very similar to a large, known and trusted organisation. Criminals then impersonate the organisation in an email to a vendor and request a quote for a quantity of expensive goods, like laptops. Criminals negotiate for the goods to be delivered to them prior to payment. The goods are delivered to a specified location; however, the invoice is sent to the legitimate organisation, who never ordered or received the goods.

What you need to do as a Business and an Individual:I

f you have been subject to a BEC ensure you report the incident to ReportCyber then change the passwords on all email addresses and ensure Multi Factor Authentication is turned on for all your devices.   Check if further systems were compromised by running a malware scan and consider hiring a cyber security professional to review computer systems.

Generally, review email systems for unauthorised access and remove any labels, filters or forwarding rules you did not set up. Review search history and recent sign-in activity. If using Microsoft Outlook as your email application – click on the “File” tab, click the “manage rules and alerts” button to see if any rules have been set up.

If you receive an invoice or email with advice to change the bank account details of the payee, contact the company on a phone number that you know or conduct an open-source check to obtain the correct and current phone number.  Do NOT ring the number or contact the email address on the invoice as it will be the contact number for the cyber criminals.

Please see below for information regarding Business email compromise (BEC).

• https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/email-hardening/protecting-against-business-email-compromise
• What is Business Email Compromise (BEC)? | Microsoft Security

Victim reporting and support:

If you think you have lost money, immediately report the transaction/s to your bank or financial institution and change your online banking passwords to secure your online accounts.

If you are a victim of cybercrime, report to ReportCyber at www.cyber.gov.au/report

Learn more about scams at www.scamwatch.gov.au and R U In Control

If you were contacted via social media, report it to the social media platform.

If you are concerned that your identity has been compromised, contact the national identity and cyber support service IDCARE at www.idcare.org

For online safety material, visit https://www.esafety.gov.au

To build your confidence and stay safe online, visit https://www.beconnected.esafety.gov.au

For help, members of the public are encouraged to contact Lifeline on 13 11 14 or visit www.lifeline.com.au or Beyond Blue on 1300 22 4636 or at www.beyondblue.org.au.

If you have information for police

If you have information for police, contact Policelink by providing information using the online suspicious activity form 24hrs per day at https://www.police.qld.gov.au/policelink-reporting.

Report crime information anonymously via Crime Stoppers. Call 1800 333 000 or report online at www.crimestoppersqld.com.au.