Business email compromise is one of the leading causes of fraud-related financial loss in Australia. Business owners can’t afford to be complacent.


Scamwatch has reported that more than $10.1 million was lost to false billing or invoice scams in 2019. So how can you protect your business? We’ve listed some common red flags to look out for.

  • Changes to bank account details for regular clients or suppliers.
  • Payment urgency.
  • Request out of usual business hours.
  • Unusual terms, like ‘wire transfer’.
  • Vague payment purpose.
  • Unusually large sums of money.

It’s important to set up processes to handle these types of requests. Here are some tips to help get you started. 

  1. Ensure everyone in the business is aware of the fraud red flags outlined above and what your escalation points are.
  2. Segregate duties so that different people are responsible for requesting and authorising payments.
  3. Obtain verbal confirmation if:
    • payment instructions are received via email
    • there is a request to change payment details, or
    • if payment is requested outside of usual business.

The telephone is one of the best anti-fraud tools we have. If in doubt, give your supplier or client a call to double check the request has come from them.

Beyond fake invoice scams, businesses of all sizes can be vulnerable to malware and ransomware. Malware is malicious software that can be downloaded inadvertently if an email attachment is opened or a link is clicked. This is one way that malware can compromise a device. Some malware (worms) can spread through a network, while some can pose as legitimate software.

Scammers then have access to your computer and could freeze your systems while files are encrypted. A payment demand may follow, which is called ransomware. Other demands such as banking malware may interfere with payments.

Look out for these warning signs before you click on a link.

  • Does the sender have a webmail email address (such as Hotmail) rather than a business one?
  • Is it addressed to ‘Dear Customer’ rather than your name?
  • Does the email ask for more information than the sender would need (such as a driver’s licence number)?
  • Does it include a very strong request for action involving clicking a link?

Your bank will never ask you for confidential information, such as your PIN or date of birth, via email. Even if a link looks like a website you trust, it’s safer to type in the URL yourself.

If you think you’ve been the victim of fraud, contact your bank straight away. 

Talk to a specialist

Fill out our form so we can connect you with the right banking specialist.

Business banking

Monday to Friday 8:30am – 6:30pm (Sydney time)

1800 442 370

Vehicle finance

Monday to Friday 9am – 5pm (Sydney time)

1800 620 673

Additional information

Unless stated otherwise, this information has been prepared by Macquarie Bank Limited ABN 46 008 583 542 AFSL & Australian Credit Licence 237502 and does not take into account your objectives, financial situation or needs. Before making any financial investment decision or a decision about whether to acquire a credit or lending product, a person should obtain and review the terms and conditions relating to that product and also seek independent financial, legal and taxation advice. All applications are subject to Macquarie’s standard credit approval criteria.