Learn to identify the signs of Business Email Compromise


Many of us know about basic email phishing, but the infiltration of Business Email Compromise (BEC) is much more advanced. It’s not a threat on the horizon – it’s here now.

With the evolving tactics of cyber attackers, awareness is your best defence against the potential reputational, financial, and legal consequences. Learn to identify the signs to protect yourself, your practice, and your clients before it’s too late.


What is BEC?

With BEC, cybercriminals first use phishing to infiltrate the victim’s email accounts. They then impersonate trusted sources and use social engineering to trick people into disclosing sensitive information or executing financial transactions. They can also create email rules to conceal sent and received emails, and these rules often go unnoticed without proper awareness.

The cost of falling victim

With the abundance of confidential information that advisers are entrusted with, you’re a prime target for BEC attacks. If attackers are successful, your practice and your clients can face reputational damage, financial losses, loss of trust, and legal repercussions. In addition, leaks of personally identifiable information and personal health information can open the door to identity theft and privacy breaches, causing significant harm to individuals and businesses. Under the Privacy Act, these breaches could cost up to $100,000 per breach.

It’s crucial to safeguard against these far-reaching consequences.


The red flags

  1. Unusual requests: Be highly suspicious of unexpected emails requesting sensitive data, banking updates, or urgent actions. Always verify such requests with the client over the phone before making any updates – especially during claim processing.
  2. Unusual email rules: Regularly review your email settings to check for potential rules set up by cyber attackers. Look for unfamiliar rules dictating inbox behaviour, such as redirecting specific emails, auto-deleting messages, or categorising them in unusual folders.
  3. Altered email addresses: Scrutinise email addresses for subtle changes, including misspellings or slight variations. Cybercriminals often use these tactics to mimic legitimate addresses.
  4. Unusual timing: Exercise caution with requests outside regular business hours or during holidays. If you know the business emailing you operates 9-5, is an email received at 11.30pm normal?
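
Red flags 2 to 4 can be checked mechanically. The sketch below is an added example, not part of the original article: it assumes a simplified export of inbox rules (the `forward_to`, `delete` and `move_to` fields are hypothetical), and the trusted domains, folder names and 9-5 hours are constructed sample values.

```python
from datetime import datetime
from difflib import SequenceMatcher

# Assumptions for this example: domains you normally deal with, folders you
# actually use, and the sender's business hours (9-5).
TRUSTED_DOMAINS = ["clientfirm.example", "example-insurer.com"]
NORMAL_FOLDERS = {"inbox", "clients", "claims"}
BUSINESS_HOURS = range(9, 17)

def audit_rule(rule):
    """Red flag 2: reasons an inbox rule redirects, deletes or hides mail."""
    reasons = []
    if rule.get("forward_to"):
        reasons.append("redirects mail to " + rule["forward_to"])
    if rule.get("delete"):
        reasons.append("auto-deletes matching mail")
    folder = rule.get("move_to")
    if folder and folder.lower() not in NORMAL_FOLDERS:
        reasons.append("files mail in unusual folder " + folder)
    return reasons

def lookalike_of(address):
    """Red flag 3: the trusted domain this sender imitates, or None."""
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in TRUSTED_DOMAINS:
        return None  # exact match is the genuine domain
    for trusted in TRUSTED_DOMAINS:
        # High similarity without equality suggests a misspelling or variation.
        if SequenceMatcher(None, domain, trusted).ratio() >= 0.9:
            return trusted
    return None

def out_of_hours(received):
    """Red flag 4: weekend, or outside the sender's business hours."""
    return received.weekday() >= 5 or received.hour not in BUSINESS_HOURS

def review_message(sender, received):
    """Combine the address and timing checks for one received email."""
    flags = []
    imitated = lookalike_of(sender)
    if imitated:
        flags.append("sender domain resembles " + imitated)
    if out_of_hours(received):
        flags.append("received outside business hours")
    return flags

# Constructed sample data: one hostile rule and one late-night lookalike email.
SAMPLE_RULE = {"name": "x", "forward_to": "ext@mailbox.example", "delete": True}
for reason in audit_rule(SAMPLE_RULE):
    print("rule:", reason)
for flag in review_message("claims@example-lnsurer.com", datetime(2024, 3, 12, 23, 30)):
    print("mail:", flag)
```

A flagged message or rule is a prompt to verify with the client over the phone, not proof of compromise.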

Upskill your practice with our Security Education Team

If you and your practice know what to look for, it’s much easier to defend against cyberattacks. Stay vigilant, scrutinise every email, and implement robust security practices in your workplace.

Our Security Education team can assist with delivering training sessions to you and your support staff on industry trends in security and cyber awareness. Please contact your MLC Life Insurance Business Development Manager for more information.

