Business Email Compromise: The $3 Billion Scam Targeting Australian Businesses Right Now

Your finance team receives an email from the CEO asking for an urgent funds transfer. The email address looks right. The tone sounds familiar. The request seems plausible. They transfer the money. And then they find out the CEO never sent that email. This is Business Email Compromise (BEC) — and it is the single most financially damaging cybercrime affecting Australian businesses today. No malware required. No ransomware. Just a convincing email and a well-timed request. Understanding how BEC works — and how to stop it — is one of the most important things an Australian SMB can do right now. What Is Business Email Compromise? Business Email Compromise is a sophisticated fraud attack where cybercriminals impersonate a trusted person – usually a CEO, supplier, or finance contact – to trick employees into transferring money or sensitive data. BEC attacks come in several forms: The Australian Federal Police has reported BEC losses in the hundreds of millions annually. Globally, the FBI estimates cumulative BEC losses have exceeded USD $50 billion. Learn how our cybersecurity services protect Gold Coast businesses from email-based threats Why BEC Is So Effective Against SMBs Business Email Compromise works because it exploits trust and urgency – two things that are deeply embedded in how businesses operate. Attackers spend time researching their targets before striking. They study: SMBs are disproportionately targeted because they often lack formal financial controls – single approvals for large transfers, no secondary verification requirements, and staff who have not been trained to recognise impersonation. The Technical and Human Defences Against BEC Stopping Business Email Compromise requires both technical controls and human processes working together. Technical Controls: Process Controls: Explore our Security Awareness Training to prepare your team against BEC What to Do If You Suspect a BEC Attack If you or a staff member suspects a Business Email Compromise attempt or has already made a fraudulent transfer: Speed is critical. The faster you act, the higher the chance of recovering funds. Learn how Netlogyx Managed IT Support provides rapid incident response Has Your Business Reviewed Its BEC Exposure? Email fraud is the highest-cost cybercrime targeting Australian businesses. A 30-minute review with Netlogyx can reveal whether your email domain is protected, your staff are trained, and your financial processes include the right safeguards. Frequently Asked Questions Q: How do attackers get so much information about our business to make BEC emails convincing?A: Most of it is publicly available – LinkedIn profiles, your website, press releases, and social media. Attackers spend time on open-source intelligence gathering before launching a targeted BEC campaign. Q: We have email filtering – does that protect against BEC?A: Basic spam filters alone are not sufficient. BEC emails often come from legitimate-looking domains with no malware attached, so they pass basic filters. Advanced email security with AI-based header analysis and domain impersonation detection is required. Q: Is BEC covered by cyber insurance?A: Some policies cover social engineering and funds transfer fraud. However, coverage depends on whether minimum security controls were in place at the time. This is another reason to implement proper email authentication and financial controls. The Most Expensive Email You Will Ever Receive Looks Completely Normal Business Email Compromise is not about technical sophistication. It is about human trust, organisational process gaps, and a lack of email authentication. The defences are straightforward – but they must be implemented deliberately. Netlogyx helps Australian SMBs close these gaps before they become a loss. (We are not looking to replace your current provider, just offering an alternative perspective) Written by Neil Frick Sources & References