Business cyber safety guide

Business Email Compromise: What Small Businesses Should Check First

If a business email account is misused, customers, suppliers and staff can be tricked into paying fake invoices or trusting false instructions.

Quick answer: stop and verify using a trusted contact method before you pay, approve, reply or ignore warning signs.

Your IT & Tech Mates guide for Australian small businesses checking business email compromise warning signs, fake invoices, mailbox rules and safer account access.
Your IT & Tech Mates guide for Australian small businesses checking business email compromise warning signs, fake invoices, mailbox rules and safer account access.

Fast decision

PauseDo not rush payment or approval.
VerifyUse a known contact method.
RecordKeep a short evidence note.
EscalateAsk for help if risk remains.

What this means for a small business

If a business email account is misused, customers, suppliers and staff can be tricked into paying fake invoices or trusting false instructions.

Most business cyber problems become expensive when a normal-looking request is handled too quickly. A safer process gives staff permission to pause, check the source, and ask for help before money, access or sensitive information is exposed.

This guide uses fake examples only. It is designed to help you prepare a safer next step, not to collect private records or replace professional investigation.

Warning signs to check

  • Unexpected sent emails or replies customers mention but staff do not recognise.
  • New inbox rules, forwarding rules or deleted-message behaviour.
  • Staff receive login prompts or password reset notices they did not start.
  • Customers or suppliers report changed bank details or unusual instructions.

What to do now

  • Change passwords only from a trusted device and protect the account with two-step login.
  • Check forwarding rules, mailbox rules, delegates and recent sign-in activity.
  • Warn affected staff, customers or suppliers using a known contact path.
  • For money already sent, contact the bank immediately.
Safe next stepUse the related free tool to turn the warning signs into a plain-English action note for your business.

What not to do

  • Do not rely on the suspicious email thread to confirm instructions.
  • Do not delete evidence before taking screenshots or saving details.
  • Do not ask staff to share passwords, codes or full customer records.
Money already sent?Contact your bank immediately. Then save the email, invoice, payment and verification details for review.

Related Business Cyber Safety links

FAQ

Is this a formal cyber audit?

No. This is a practical self-check guide, not a formal audit, investigation, certification or guarantee.

Should I share passwords or login codes?

No. Do not share passwords, login codes, banking passwords, card numbers or private customer records through this guide.

What if money has already been sent?

Contact your bank immediately. Then collect the invoice, email details and verification notes for review.

Updated