As a business, it’s particularly important to keep all your systems safe and secure. This is particularly important if you’re an online business

As such, you should be aware of cyber attacks and how you can protect your business from them. So, what types of cyber attacks are there?

A business email compromise (BEC) is a type of cyber attack that invades a businesses online systems, allowing attackers to take advantage of inside knowledge to cheat the business out of their own money. 

Keep reading to know more about BEC and what you can do. 

What Is Business Email Compromise (BEC)?

Business email compromise (BEC) are scams aimed specifically  at businesses. 

The scammers target businesses by pretending to be clients, associates and even employees. Once they’ve established communication as someone from within the business or as someone the business trusts, they direct payments or other types of cash flow into their accounts. 

BEC is a breach of the Cybercrime Act 2001. According to the Australian Federal Police, BEC resulted in more than $79 million worth of loss for Australian businesses between 2020 and 2021. 

Is BEC A Type Of Phishing?

Yes, BEC is a type of phishing

Phishing is a common fraudulent tactic that uses emails to discover the personal information of an individual or organisation. 

BEC scams largely utilise emails as it is anonymous, allowing them to easily pretend to be someone they are not.  

What Are Email Scams?

As we explained above, phishing scams send emails to users in order to obtain their personal information from them. 

While phishing requires targets to willingly divulge their information and relies largely on trickery, some other types of email scams can hurt victims in a number of different ways. 

Hacking is another way cyber attacks are conducted. Email scams can often result in the victim getting hacked. 

Hacking involves invading the systems of an unsuspecting victim, either through a backdoor or a faulty link they may have clicked. Once a hacker has access, they have the ability to cause significant damage to their victims. 

What To Do If You’ve Been Targeted

If you find yourself a victim of BEC or notice any strange emails, there are a number of steps you need to take immediately. They are as follows: 

  • Inform ReportCyber of the crime 
  • Secure the accounts that have been compromised immediately and any other that might be at risk 
  • Report the hack to service providers any other relevant authorities 
  • Get in contact with your clients, employees and anyone that may have been impacted to let them know what has occurred 

It’s not uncommon for businesses to be targeted. In fact, the Australian Cyber Security Centre (ASCS) has classified BEC to be at an alert level of medium, so be sure you have some kind of plan in place! 

Business Email Compromise Cases Around the World

One of the most popular examples of BEC was the famous scamming of Facebook and Google which resulted in over $100 million in loss for the two tech giants. 

For 2 years, Evaldas Rimasuaskas managed to convince the two major companies he was their supplier. He was later caught and received a jail sentence. 

Other companies such as Toyota, Ubiquity and even charities have been victims of BEC. 

From small businesses to major global companies, anyone can be a target of a BEC scam.

What Happens If There Is A Data Breach?

As a business, you likely have the personal information of clients, customers, employees and associates stored in your systems. As a result, when a breach occurs this information is compromised or at risk.

Organisations that carry the personal information of others are covered by the Privacy Act 1988, meaning they need to notify the Office of The Australian Information Commissioner (OAIC) of any notifiable data breaches

In order to be prepared for scenarios where your business’ private information has been risked, it’s best to have a Data Breach Response Plan

A Data Breach Response Plan is essentially a system with a number of steps for when your business’ systems have been breached. For example, who you need to inform and how you will restrict further access. 

How To Avoid BEC

In order to avoid BEC, there are a couple of measures you should consider implementing. 

  • Have a strong cyber security system in place and get it regularly updated by an IT professional 
  • Train all your employees on being vigilant and aware – have a system in place for any communication in the workplace
  • Stay aware on the latest updates regarding BEC so you can know what to look out for
  • Have tailored, businesses emails as opposed to web based accounts 
  • Make the use of scam detecting software 
  • Limit exposure in certain areas i.e public wifi 

It may be worth investing in the help of a professional to secure your systems. 

Who Is Liable In A Business Email Compromise?

Currently,  there is no legislation or case law that can distinctly state which party is liable when it comes to BEC. 

Therefore, there is no uniform answer to this. 

Sometimes, it can be the responsibility of clients to double check where a particular email is coming from or the mistake of the business for allowing their systems to be penetrated. 

The liability is likely to be assessed on a case to case basis, depending on whose duty of care is in question. 

As a business, however, it is your responsibility to ensure you have taken all the reasonable measures possible to secure your systems. Ultimately, if something does go wrong, then your liability could be influenced based on the preventative measures you have taken. 

Who Is Liable For Hacked Emails In Australia?

Once again, there is no straightforward answer to who is liable for hacked emails in Australia. 

Currently, there are no legal judgments to base on answer off. 

Who is liable will depend on whether the email was spoofed or hacked. 

Hacking, as we noted earlier, is when an organisation’s internal systems have been violated by a cyber criminal who then takes advantage of their access. 

Spoofing, on the other hand, is when someone manages to send an email to another by covering the name of their temporality to something their victims are likely to trust. 

It is unlikely that you will be responsible for a customer being spoofed. However, it is still your responsibility to secure your systems as best as possible to prevent hackers from entering, as you could end up liable in this regard. 

How To Build A Strong Cyber Security System

Cybercrimes can be daunting to think about. However, the best thing you can do is protect your business from potential attacks. Having the right systems in place, being vigilant and prepared can go a long way in saving your business. 

Some things you can do include:

  • Restrict and monitor the access to your data and systems
  • Get cyber security insurance
  • Have a password protection system
  • Ensure your systems are regularly updated
  • Get the help of an IT professional 
  • Have well thought-out workplace policies that have cyber security in mind 
  • Make sure your employees are well trained in cyber security 

Key Takeaways

BEC scams can be detrimental for your business. However, if you stay alert and prepared, you could keep your business safe from cyber attacks. To summarise what we’ve discussed: 

  • BEC is a business email compromise where fraud occurs through emails that can trick the receiver  
  • If you find yourself a target, it’s essential that you notify the relevant authorities, employees and clients 
  • Major companies and small businesses have all reported being victims to BEC
  • In order to avoid BEC, have solid cyber security systems in place 
  • It’s hard to pin liability to one party, which is why it’s especially important for businesses to take reasonable steps in securing their information systems 

If you would like a consultation on business email compromises, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.

Sapna Goundan
Sapna has completed a Bachelor of Arts/Laws. Since graduating, she's worked primarily in the field of legal research and writing, and she now writes for Sprintlaw.
About Sprintlaw

Sprintlaw's expert lawyers make legal services affordable and accessible for business owners. We're Australia's fastest growing law firm and operate entirely online.

5.0
(based on Google Reviews)
Do you need legal help?
Get in touch now!

We'll get back to you within 1 business day.

  • This field is for validation purposes and should be left unchanged.

Related Services

Email Disclaimer

Protect the contents of your emails with an Email Disclaimer.
Learn More

Online Business Bundle

Get $1,400 of essential business legal documents for $500. Our lawyers will draft a custom Privacy Policy, Cookie Policy, Email Disclaimer & Website Terms of Use to protect your online business.
Learn More

Business Name Registration (3 years)

We'll help you register your business name.
Learn More
Related Articles
Is It Legal To Have Workplace Cameras And Surveillance?
Posted 17th October, 2023
Is ChatGPT Copyright Free?
Posted 5th May, 2023
Get A Cross-Border Data Processing Agreement
Posted 16th March, 2023
Business Call Recording Laws In Australia
Posted 7th March, 2023
A Guide To The Privacy And Data Protection Act 2014 (Vic)
Posted 9th December, 2022
Australian Law Data Breaches: What You Need To Know
Posted 18th November, 2022