Business Email Compromise (BEC) is one of the most common and costly cybercrime threats affecting Australian organisations. It involves scammers gaining access to, or impersonating, legitimate email accounts to trick businesses into transferring funds or sensitive data. Losses can be substantial and recovery can be difficult without immediate and correct action.
The Australian Institute of Cyber Security (AICS) has developed this checklist to provide a practical, legally sound approach for Australian businesses responding to BEC incidents.
1. Stop the transaction if possible
Contact your bank immediately and request a recall or freeze on the transferred funds. Provide all transaction details and explain that it is a BEC incident. Many banks have dedicated fraud escalation contacts.
2. Preserve evidence
Do not delete or modify any emails, attachments, or logs. Take screenshots of fraudulent messages and save full email headers. This assists in tracing the origin and method of compromise.
3. Alert internal stakeholders
Inform management, finance, and IT teams without delay. Ensure no further payments are processed until accounts and approvals are verified.
4. Notify affected external parties
If the scam involved supplier or customer accounts, contact them to prevent further fraudulent requests and protect their accounts.
5. Engage a qualified digital forensics investigator
Prompt forensic analysis can reveal the point of compromise, such as a phishing email, credential theft, or account takeover. An investigator can prepare evidence for possible legal proceedings.
6. Report to law enforcement
Report the incident to the Australian Cyber Security Centre via ReportCyber. This can support investigations and contribute to national threat intelligence.
7. Review and improve security measures
Implement multi-factor authentication on all email accounts, review payment authorisation processes, and provide regular staff training on identifying suspicious requests.
Following this checklist increases the likelihood of fund recovery and strengthens the legal position if action is taken against offenders.
No responses yet