Six Signs of Business Email Compromise to Watch For

  • October 21, 2024

Business email compromise (BEC) attacks are the most common cyber threat that Australian businesses face. They’re also one of the most effective.

In this article, we’ll explain what BEC is and identify 6 common signs of BEC attacks that you and your end users should watch out for.

What Is Business Email Compromise?

Business email compromise (BEC) is a type of phishing attack. A BEC adversary will often target a user with access to financial accounts or sensitive data and trick them into transferring money, revealing information, downloading viruses, or granting access.

BEC attacks are relatively easy to execute and highly effective – which is why they cost Australian businesses over $80 million in losses in FY22/23. Email compromise was also the most reported type of cyber attack on businesses, costing an average of $39,000 per attack and affecting small businesses the most.

If you already have good cyber security protocols in place, a BEC-related breach is probably your biggest risk. In the rest of this article, we’ll explore BEC attacks that you and your end users should look out for.

Sign 1: Invoices From Unknown Suppliers

The most basic BEC attack is a fake invoice from an unknown supplier. The only things an adversary needs are surface-level information about your company and a legitimate-looking email address.

Generally, these emails are sent directly to the person/team that processes your finances – who, especially in larger organisations, may not know exactly what suppliers different personnel or departments work with.

Sign 2: Invoices for Work/Products Not Requested

False invoice scams are a staple BEC attack. An adversary poses as a legitimate supplier and sends you an invoice for work or products that haven’t been requested.

If you pay invoices and are directly involved in all day-to-day operations – which will only be the case if your business is very small – you’ll probably spot a false invoice scam quite easily.

But what about larger businesses? There are a few warning signs your team should watch for. If you have a purchase order (PO) system and receive an invoice that doesn’t match a PO number, don’t pay it.

If the invoice doesn’t line up with past invoice amounts and/or frequencies for that supplier, always double-check with the person or team that manages them.

And always look at the sender’s email address – has it changed in any way? Often, adversaries will spoof addresses by changing a single character or replacing a Latin character with an identical-looking one from another alphabet like Cyrillic or Greek (which is why your email filters should automatically block addresses containing non-Latin characters unless you deal with international customers/suppliers).
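The sender check described above can be automated. The following is an added example, not code from the original article: it flags a From address that contains non-Latin letters (including ones hidden in a punycode `xn--` domain label) or whose domain is one character away from a supplier you already deal with. The supplier domains, function names and sample headers are constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list of supplier domains (hypothetical, not from the article).
KNOWN_SUPPLIER_DOMAINS = {"acme-supplies.com.au", "northwind-freight.example"}

def decode_label(label):
    """Turn a punycode ('xn--') DNS label back into the Unicode it encodes."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label
    return label

def non_latin_letters(text):
    """Letters from scripts other than Latin, such as Cyrillic or Greek."""
    return [c for c in text
            if c.isalpha() and not unicodedata.name(c, "").startswith("LATIN")]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, known=KNOWN_SUPPLIER_DOMAINS):
    """Return 'known', 'non-latin', 'lookalike' or 'unknown' for a From header."""
    _, address = parseaddr(from_header)
    local, _, domain = address.lower().rpartition("@")
    domain = ".".join(decode_label(part) for part in domain.split("."))
    if non_latin_letters(local + domain):
        return "non-latin"   # homoglyph candidate: quarantine or review
    if domain in known:
        return "known"
    if any(edit_distance(domain, k) == 1 for k in known):
        return "lookalike"   # one character away from a real supplier
    return "unknown"

if __name__ == "__main__":
    # Constructed sample headers; the second starts its domain with Cyrillic U+0430.
    for header in ("Accounts <billing@acme-supplies.com.au>",
                   "Accounts <billing@\u0430cme-supplies.com.au>",
                   "Accounts <billing@acme-supp1ies.com.au>",
                   "Sales <hello@unrelated.example>"):
        print(check_sender(header), ascii(header))
```

A `known` result only means the domain matches your list. It says nothing about whether the supplier's mailbox itself has been taken over, which is the case covered under Sign 3.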

Sign 3: Bank Account Changes

The most effective BEC attacks involve an adversary gaining access to a supplier’s real email, monitoring communications, then issuing an invoice with the wrong bank details.

You, as the customer, are expecting the invoice – the only change is that your payment will go to the adversary, not your supplier.

In some cases, an adversary will even wait for a supplier to send their invoice, intercept that email, modify the details, and then pass it on to you.

Everyone believes the invoice has been issued correctly, which makes identifying the attack incredibly challenging.

(Bank account changes can occur even if your suppliers send invoices from an accounting service like Xero; most platforms have number-matching authentication, but frameworks like Evilginx2 – which ‘steal’ the session tokens that authenticator apps use – can still allow adversaries to gain access and issue modified invoices.)

Sign 4: Known Contacts Sending Unusual Attachments

An adversary’s goal isn’t always to commit invoice fraud. Sometimes, they’ll want to establish a foothold in your network – or spread malware that does that for them.

One of the easiest ways for them to do that is to gain access to an individual’s email, then send emails to that person’s contacts (which could be inside or outside their organisation) that contain compromised attachments or links.

OneDrive, OneNote, Dropbox and Google Drive files are all popular vectors because they seem legitimate. End users can see previews of the file in their email, already trust the sender of the email, and may regularly exchange files and links with that person.

Watch out for contacts sending unusual attachments that you aren’t expecting – especially if the email doesn’t sound like it was written by them.

Sign 5: Authority, Urgency, Freebies and Fear

Let’s say you’ve done all the right things. You’ve set up your firewall and quarantine rules, your accounts team have robust procedures in place, and your end users have a basic level of cyber awareness.

What happens when a BEC attack gets through your first few layers of defences anyway? How can you spot it?

The key: look out for psychological red flags. BEC attacks are, ultimately, exercises in social engineering. Adversaries will work to exploit the biggest vulnerability your IT environment has – your people. The 4 major red flags are:

  • emails that come from authority figures like executives or HR (such as a request to review an attached document, make an unexpected payment, or fill out a survey)
  • emails that are designed to invoke urgency (such as a high-priority request sent late Friday or a reminder to jump on a video call that starts in 5 minutes)
  • emails that offer freebies or discounts (such as free gift cards from management or half-price coffee at the on-site cafeteria)
  • emails that deliberately induce fear (such as a threat of legal action for non-payment of an invoice).

Sign 6: Unexpected Emails

Some of the most effective BEC attacks are the simplest. For example, an adversary might impersonate a well-known company in your sector and send out a marketing email (such as a promotion or newsletter) that perfectly mimics that company’s normal communications.

Your end users haven’t signed up for those email communications, so they click the ‘Unsubscribe’ button at the bottom of that email – but that link is actually compromised.

Another possibility: a BEC attack could appear to be a system notification from a piece of software your team uses. It might be an exact replica of the standard notification, but featuring a compromised version of the link that users would normally use to action the notification.

An adversary could even send a suspicious email and then include a legitimate-looking ‘Report This Email’ link at the bottom, which your users – having been trained to do the right thing and flag all phishing attempts – mistakenly click.

Next Steps

Knowing what the signs of a BEC attack can look like isn’t enough. You also need to develop defence in depth – that is, combine and layer different countermeasures like anti-phishing software, clear SOPs for accounts staff, and ongoing cyber awareness training for end users.

Because, ultimately, your organisation will be exposed to BEC attacks. Whether they cost you tens of thousands of dollars or are quietly flagged as spam depends entirely on how effective your security posture is.

We’ve helped more than 500 businesses across Australia harden their emails and train end users. If you’re concerned that your BEC defences might be less than ideal, get in touch with us to find out more about how we can help.
