Technology has transformed business efficiency and customer experience, but it’s also transformed organised crime. 


Cyber-attacks and scams are becoming more and more advanced, and fraudsters are making fake emails highly believable.

Cyber criminals are early adopters of new technology and they’ll use it to take advantage of you.

Phishing is the typical starting point for malware or business email compromise. It casts a wide net, hoping to catch a few victims via generic emails from a ‘trusted provider’. Phishing emails typically begin ‘Dear Customer’.

The next level, ‘Spear Phishing’, is more targeted. They already know your name and other details and will use that to gain trust.

‘Whaling’ takes this to the next level, where the fraudster will impersonate the business owner or a senior director requesting urgent action, for example an invoice payment via email.

The dark web is a nefarious place, where there is a market for client data and identity documents. These can be used to take out fraudulent loans, or for future attacks. The next-generation of whaling may even use AI-powered voice impersonation to make phone calls requesting payments, a very convincing form of ‘vishing’ or voice solicitation.

Make sure your people don’t take the bait

Phishing emails, texts or phone calls typically seek to extract personal information  such as passwords, credit card numbers or bank account details. Scamwatch received over 25,000 reports of phishing scams in 2019

Fraudsters are past the days of sending a dodgy email at 2am riddled with typos. The fraudster may access details about the staff who transact on behalf of the business from your website’s ‘about us’ page and target those individuals directly.

Think it won’t happen to you? Globally, almost 22% of employees click on a phishing email, putting not only their own identity at risk, but also business data and systems. 15% of people successfully phished are targeted at least once more within the year. It’s important that your staff can identify a phishing email and more importantly won’t click on the links or attachments.

Once they have access to your systems, fraudsters can review your emails for information about who you bank with, your clients and suppliers, and typical communications between clients and staff. This makes it even easier to impersonate someone you trust.

How vulnerable is your business?

Every minute, $2.9 million is lost to cybercrime – including $17,000 a minute through phishing emails.

It’s a good idea to speak with your insurance broker to check what you’re covered for, as there is confusion between fraud insurance and cyber insurance.

For a checklist of email compromise and fraud warning signs, read our guide to email compromise.

Talk to a specialist

Fill out our form so we can connect you with the right banking specialist.

Business banking

Monday to Friday 8:30am – 6:30pm (Sydney time)

1800 442 370

Vehicle finance

Monday to Friday 9am – 5pm (Sydney time)

1800 620 673

Additional information

The information on this page has been prepared by Macquarie Bank Limited ABN 46 008 583 542 (AFSL and Australian Credit Licence 237502) and does not take into account your objectives, financial situation or needs. Before making any financial investment decision or a decision about whether to acquire a financial, credit or lending product, a person should obtain and review the terms and conditions relating to that product and also seek independent financial, legal and taxation advice. All applications are subject to Macquarie’s standard credit approval criteria. This information is intended for recipients in Australia only.