Email scam fraud awareness

Posted on October 9, 2018

A fraudster sends an email to your payments team pretending to be from the CEO, CFO or other person in authority. The sender address is usually very similar to the actual email address of a senior manager at the business. On some occasions the manager’s email address is hacked so the email comes from the correct email address.

The initial email is often directed to a staff member by name. If the staff member responds to the email they usually receive a reply asking for a wire transfer. The payment teams often process the payments thinking that the request is coming from management.

Often this scam is used in conjunction with social engineering efforts. For example, the fraudster will gain information that the CEO is travelling or overseas, and will identify a country where regular suppliers are based. These efforts are then incorporated into the email instructions to make it seem more genuine.

What you can do:

  • Implement a policy where all payment requests received by email over a set amount require the payment team to call the requester to confirm the request, using their listed phone number, not the number in the email.
  • Educate staff that normal payment procedures should be followed. If you receive an email requesting a payment outside normal processes then be extra vigilant.
  • If asked to change a supplier’s bank account details, check the request by phone to the supplier’s known phone number or other independent verification.
  • Employees should check the sender's email address as well as the displayed name. If you hover over the name of the person who sent the email, the reply-to address may be different.
  • Exercise restraint when publishing information about employee activities such as out of office details or hierarchical information on your website or through social media, as attackers perpetrating these schemes often use this information to appear more genuine.

Possible indications of fraudulent emails include:

  • The request states that it is urgent or confidential and ignores the standard procedure.
  • There are grammatical or spelling errors.
  • Use of language and formatting of the email is different to past emails from the manager.
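
The address and language checks above can also be run automatically on incoming mail. The following Python sketch is an added example, not part of the original article; the trusted domain, the executive name, the keyword list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: replace with your organisation's own values.
TRUSTED_DOMAIN = "example.com"
EXECUTIVES = {"jane citizen"}
PRESSURE_WORDS = ("urgent", "confidential", "wire transfer")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_email(raw):
    """Return a list of warning strings for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    domain = addr.rpartition("@")[2].lower()
    warnings = []
    if reply and reply.lower() != addr.lower():
        warnings.append("reply-to differs from sender")
    if domain != TRUSTED_DOMAIN:
        if name.lower() in EXECUTIVES:
            warnings.append("executive name on external address")
        if 0 < edit_distance(domain, TRUSTED_DOMAIN) <= 2:
            warnings.append("lookalike domain")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(word in text for word in PRESSURE_WORDS):
        warnings.append("pressure language")
    return warnings

# Constructed sample messages (not real mail).
SAMPLE = ("From: Jane Citizen <jane.citizen@examp1e.com>\n"
          "Reply-To: jane.citizen.office@mail.example.net\n"
          "Subject: Urgent payment\n\n"
          "Please process a wire transfer today. Keep this confidential.\n")
CLEAN = ("From: Jane Citizen <jane.citizen@example.com>\n"
         "Subject: Lunch\n\nSee you at noon.\n")

if __name__ == "__main__":
    print(review_email(SAMPLE))
```

An empty result does not prove a message is genuine, because a hacked manager account sends from the correct address; the phone confirmation step still applies.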