Business email compromise (BEC) — what to know
Invoice fraud, payroll redirection, and fake CEO requests — how Melbourne businesses reduce BEC risk.
What BEC looks like
Attackers impersonate executives, suppliers, or staff via look-alike domains, compromised inboxes, or spoofed From addresses. Common asks: change bank details on an invoice, buy gift cards urgently, or approve a wire transfer.
Technical layers
Enforce DMARC with a quarantine or reject policy, enable DKIM, train staff to notice external sender banners, and flag payment-related keywords. Conditional access and MFA stop many of the account takeovers that fuel BEC.
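An added example, not from the original page: a small Python triage function that checks one message for the signals listed above (DMARC result, external sender, payment-related keywords) and for look-alike From domains, plus a Reply-To mismatch check that is an addition here. The trusted domain, keyword list and 0.85 similarity cut-off are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com.au"}  # assumption: placeholder for domains you own
PAYMENT_WORDS = re.compile(
    r"\b(bank details|invoice|wire transfer|gift cards?|payroll|account number)\b", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def is_lookalike(domain):
    """True when domain is close to, but not identical to, a trusted domain."""
    return any(domain != t and SequenceMatcher(None, domain, t).ratio() >= 0.85
               for t in TRUSTED_DOMAINS)

def bec_flags(raw_message):
    """Return the BEC warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    # Assumption: your gateway strips Authentication-Results headers it did not add.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    flags = []
    if not re.search(r"\bdmarc=pass\b", auth, re.I):
        flags.append("dmarc-not-passed")
    if from_dom not in TRUSTED_DOMAINS:
        flags.append("external-sender")
    if is_lookalike(from_dom):
        flags.append("lookalike-domain")
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-mismatch")
    body = "" if msg.is_multipart() else msg.get_payload()
    if PAYMENT_WORDS.search(f"{msg['Subject'] or ''} {body}"):
        flags.append("payment-keyword")
    return flags

# Constructed sample message for illustration, not real mail.
SAMPLE = """\
Authentication-Results: mx.example.com.au; dmarc=none header.from=examp1e.com.au
From: "Jane Director" <jane@examp1e.com.au>
Reply-To: jane.director@mailbox.example
Subject: Updated bank details for invoice 1042

Please use the new account number below for today's payment.
"""
if __name__ == "__main__":
    print(bec_flags(SAMPLE))
```

A message that raises several flags at once is a candidate for the manual verification steps below, not proof of fraud on its own.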
Process beats panic
Verify payment changes by calling a known phone number, not a number given in the email. Require dual approval for transfers over a threshold. Separate duties between who requests and who approves payments.
If you are targeted
Isolate affected accounts, reset passwords, preserve message headers, report to your bank immediately, and review mailboxes for the forwarding rules attackers often add. Run authentication and blacklist checks to see whether the domain is being abused more broadly.