Australians lose over $4 billion each year to cybercrime and fraud.

According to the ACCC, there could be $4 billion in fraudulent payments in 2022. Below are six ways that may result in you unknowingly paying a cybercriminal or fraudster.

Business email compromise

Business Email Compromise (BEC) is a type of cyber attack in which the attacker gains access to a business email account and uses it to defraud the company, its employees, or its customers. The attacker may send fraudulent emails to trick the recipient into wiring money to a fraudulent account, disclosing confidential information, or taking other harmful actions.

Vendor email compromise

Vendor Email Compromise (VEC) is a type of cyber attack that is similar to Business Email Compromise (BEC) but with a focus on targeting the vendors or suppliers of a company rather than the company itself.

In a VEC attack, cybercriminals will target the email accounts of vendors or suppliers that have a relationship with the targeted company. The attacker will use the compromised email account to send fraudulent emails requesting urgent payments, changes in payment details, or sensitive information. The emails may appear to be legitimate and may use social engineering tactics to persuade the recipient to take action.

Fake invoices scam

A fake invoice scam is a type of cyber fraud in which scammers send fraudulent invoices to businesses or individuals, usually through email. These invoices may appear to be legitimate, often using branding and logos of well-known companies, and may even reference specific products or services that the recipient has purchased or requested.

The scammer's objective is to trick the recipient into making a payment for goods or services that were not actually provided or authorized. The payment is usually made to a bank account controlled by the scammer, and once the payment is made, it is very difficult to recover the funds.

Social engineering scams

Social engineering scams targeting businesses involve the use of psychological manipulation tactics to trick employees into disclosing sensitive information or performing actions that benefit the attacker. These scams can take many forms and are often designed to exploit human weaknesses such as trust, fear, or curiosity.

One common type of social engineering scam is phishing. This involves sending fraudulent emails or messages that appear to be from a trusted source, such as a colleague, vendor, or customer. The message may request sensitive information or ask the recipient to click on a link or attachment that installs malware on their computer, giving the attacker access to their data.

Hacked accounting software

If a hacker gains access to a company's accounting system, they may be able to divert payments by manipulating or falsifying invoices, changing bank account details, or intercepting and redirecting payments.

Insider Fraud

Insider fraud is a type of fraud that is committed by individuals who have authorized access to a company's systems, data, or assets. This could include employees, contractors, or other individuals who have been granted access to confidential or sensitive information.

Insider fraud can take many forms, such as embezzlement, theft of intellectual property, or unauthorized disclosure of sensitive information.

Spot the difference?

Banks don’t check. People can’t.


Secure, fast and accurate payment verification using the power of AI and our network of over 4 million in-person verified bank details.

Is cybercrime keeping you up at night?

Fraudsters and criminals exploit a security vulnerability in the banking system, namely the lack of verification of business names against bank account and BSB numbers. This means that when a criminal gets access and changes the bank account details on an invoice, the money will go to their malicious accounts.

Verify Invoices, before you pay

When you receive an invoice with an EftsureID, your suppliers want you to be able to double-check their details and be sure you are paying them using the right bank account. Eftsure’s verification technology matches the bank account and BSB with the business name in our database. That database contains over 4M verified Australian businesses and uses anti-fraud and cross-matching algorithms to continuously validate verified bank information.

Get Eftsure for business

EftsureID is a free-to-use product provided by Eftsure. It allows you to verify invoices from a supplier that has published their EftsureID badge on their invoices. If you want to verify bank information for all your supplier payments, contact our sales team to see how Eftsure can verify payments from the moment you receive an invoice all the way to releasing funds in your online bank environment.

Verify invoices on-the-go

Get the EftsureID mobile app.


Available on App Store.

Scan to install


Available on Google Play.

Scan to install

Securing over 1,000 Australian businesses

More than $5 billion in EFT payments safeguarded against fraud, error and cybercrime.

Eftsure for business