Protecting your business from scams


Scams can be devastating to a business’s bottom line so it’s important you and your staff remain alert to potential threats. 

Australian businesses reported more than 5800 scams with losses exceeding $7.2 million in 2018, a 53 per cent increase compared to 2017, according to the Australian Competition & Consumer Commission’s (ACCC) Targeting scams report.1

One of the more common scams targeting businesses is hacking business email systems and impersonating the intended payment recipient. In these cases, scammers request changes to bank account details so that the business makes the payment to the scammer instead of the legitimate business.

This scam has been found to target businesses of all sizes, in fact, any organisation that transfers money via bank accounts is a potential target.

According to the ACCC, small businesses with fewer than 20 staff were most likely to be targeted by scammers and accounted for more than 75 per cent of reports received2.

Businesses were most likely to be targeted with false billing scams (1819 reports in 2018)3 but investment, hacking and phishing scams also caused significant losses.

  • Ensuring all staff are aware of these scams and putting in place clear processes and procedures for transferring money and verifying changes of bank account details are ways businesses can protect themselves.
  • Businesses can also sign up to the ACCC’s Small Business Information Network5 to receive emails about new or updated resources, enforcement action, and scams relevant to the small business sector.

The Business email compromise scam is one example of a scam targeting businesses today.

This is a global scam which involves a scammer gaining access to a business’s entire email or IT system or, at least, the email account of a key person in a business who deals with the transfer and receipt of money. Once they have access to that email they are able to either impersonate the CFO or some other high ranking manager of the business asking for funds to be transferred into a particular account for an urgent reason.  A variation of this scam is the scammer will impersonate the business in an email to another business  asking for a regularly-paid invoice to be paid into a new account.

From the ACCC6, one victim story was that scammers sent business invoices with amended bank details as well as the prior email trail to and from the supplier. According to the victim, everything was a perfect copy of the real version of the invoices that were previously used and they didn’t notice a difference. Thinking it was real, the victim sent an amount of $190,000 but the real supplier never received it. They victim didn’t realise the supplier never received it because when the real supplier tried to alert the victim the scammers diverted their emails to prevent them finding out. The victim didn’t receive any responses to their genuine unpaid invoice for which payment was now requested. The victim realised only when the real supplier contacted them directly by phone about not receiving the money owed.


If you have been scammed or think you might have been targeted by scammers you can file a report at

You should may also wish to use this checklist of who to inform


Next: Case studies - email hacking

Our two case studies, a result of identity theft via email hacking, highlight the need to ensure any instructions you receive are really from your client.

Access the latest in practice insights, market news and articles to help you grow your business.

It’s important to know how to stay safe online. Here’s 8 simple tips to ensure safe computing practices in your business.
Email is the primary method of communication with your clients, but email is also a great channel for fraudsters to steal identities and facilitate fraudulent requests. Read our top tips on what to look out for and actions to take to confirm it’s your client you’re dealing with.
To breathe or not to breathe - Another resilience-building strategy from Kamal Sarma. Find out how to control your breathing and use it to calm your mind, body and emotions.

This publication is current as at July 2019, and has been prepared by BT, a part of Westpac Group. This document has been prepared for the information of financial advisers only and must not be copied, used, reproduced or otherwise distributed or made available to any retail client or third party, or attributed to BT or any other company in the Westpac Group.

The information contained in this publication is an overview or summary only and it should not be considered a comprehensive statement on any matter nor relied upon as such. The publication does not contain, and should not to be taken to contain, any financial product advice and it has been prepared without taking into account any person’s objectives, financial situation or needs. Because of this, you should, before acting on any information contained in this publication, consider its appropriateness to your clients, having regard to their objectives, financial situation or needs. This document may contain material provided by third parties derived from sources believed to be accurate at its issue date. While such material is published with necessary permission, no company in the Westpac Group accepts any responsibility for the accuracy or completeness of, or endorses any such material. Except where contrary to law, we intend by this notice to exclude liability for this material. To the maximum extent permitted by law: (a) no guarantee, representation or warranty is given that any information or advice in this publication is complete, accurate, up to date or fit for any purpose; and (b) no member of the Westpac Group is in any way liable to you (including for negligence) in respect of any reliance upon such information.