How to avoid losing huge amounts of cash due to business email compromise and invoice fraud

Business email compromise is an emerging type of attack where someone who has control of or access to your email is able to send a convincing yet fraudulent email on your behalf to your close contacts and ask them for money.

A classic example is sending an invoice to your clients with modified bank account details. Another example might be a child sending a request for money to a parent from overseas, claiming they don't have phone access so can't receive calls and so on.

Australians are very used to using "Pay Anyone" transactions over the internet, even for very large transactions. It's a convenient and cost effective payment method, but it's one with very little recourse should you make an error and pay the wrong person. You can try to get it back, but it's far from certain you will be able to.

However there is a simple trick you can use to ensure you never lose large sums of money. You can use it not just to guard against business email compromise or invoice fraud, but also clerical errors in your business and personal life.

Here's the rule:

Never pay someone that isn't saved in your "payee list" address book in your internet banking.

The first time you save someone's details, you simply transfer $5 to them, then verify that they received the money.

You can then safely transfer larger amounts of money to them whenever you need to. If their bank details change, you go through that verification process again.

It may sound like a hassle, but it's better than losing tens of thousands of dollars and having no way to get it back.