A business email compromise (BEC) is when a cybercriminal breaches or impersonates the email account of an organisation or staff member. The offender impersonates the business or individual in an attempt to trick the recipient of the email into either i) changing the bank details of a known supplier or employee, or ii) making an 'urgent' payment to a new account.
Warning signs
- A change in bank details for the recipient of funds (either via an email request or a modified copy of the supplier's invoice).
- Inconsistent communication style and unusual use of spelling or grammar.
- Sense of urgency for the payment to be made.
- 'Lookalike' email addresses which may, for example, be achieved by swapping an "i" for an "l" (or vice versa).
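
The lookalike-address warning sign above can be checked automatically. The following Python code is an added example, not code from BOQ: it compares a sender's domain with a list of known supplier domains after folding easily confused characters. It goes beyond the "i"/"l" swap to also cover "1", "0"/"o" and "rn"/"m"; those extra pairs, the function names and the sample domains are assumptions made for illustration.

```python
# Added example: flag sender domains that imitate a known supplier domain.
# All domain names here are constructed samples.

# Known-good supplier domains (constructed).
TRUSTED = ["allied-supplies.example", "northside-freight.example"]

# Fold confusable characters to one form. "i"/"l" is the swap described in
# the warning sign; "1" and "0" are assumed additions to the same idea.
FOLD = str.maketrans({"l": "i", "1": "i", "0": "o"})


def skeleton(domain: str) -> str:
    """Reduce a domain to a form in which confusable characters compare equal."""
    # "rn" renders much like "m" in many fonts (assumed addition).
    return domain.lower().replace("rn", "m").translate(FOLD)


def sender_domain(address: str) -> str:
    """Extract the domain from 'user@domain' or 'Name <user@domain>'."""
    return address.rsplit("@", 1)[-1].strip().strip(">").lower()


def check_sender(address: str, trusted_domains=TRUSTED):
    """Return (verdict, matched_domain).

    verdict is 'trusted' for an exact match, 'lookalike' when the domain
    differs from a trusted one only by confusable characters, else 'unknown'.
    """
    domain = sender_domain(address)
    trusted = {d.lower() for d in trusted_domains}
    if domain in trusted:
        return ("trusted", domain)
    for known in sorted(trusted):
        if skeleton(domain) == skeleton(known):
            return ("lookalike", known)
    return ("unknown", None)


if __name__ == "__main__":
    for sender in [
        "accounts@allied-supplies.example",
        "Accounts <accounts@aliied-supplies.example>",  # "l" swapped for "i"
        "billing@unrelated.example",
    ]:
        print(sender, "->", check_sender(sender))
```

A 'lookalike' verdict means any payment or bank-detail request from that sender should be held and verified by phone. An 'unknown' verdict does not mean the sender is safe, only that it does not imitate a listed domain.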
How to protect yourself
- Verify the legitimacy of the email by calling on a trusted phone number.
- For businesses, have a clear process for change of bank details and, if your employees access the network remotely, make use of two-factor authentication (2FA).
- If in doubt, ask a colleague or your manager for their opinion.
- Make sure your email accounts and IT networks are kept secure.
If in doubt, contact BOQ urgently on 1300 55 72 72. Visit www.boq.com.au/contact-us for our operating hours.