Business email compromise – How can you avoid it and what can you do if you get scammed?

Business email compromise – How can you avoid it and what can you do if you get scammed?

Ballantyne Law Group assists clients in both dealing with cyber fraud attacks, and in putting appropriate legal systems in place to protect against these attacks.
Solicitor Sidnee Jennings outlines some of the issues.

While technological advancements and new forms of communications bring exciting opportunities and new ways of doing business, they have also brought with them a new wave of cyber criminals who continue to find new ways to take advantage of our increasing reliance on technology and the internet.

A popular misconception of these cyber criminals, owed to popular culture depictions of ‘hackers’, is that they are somehow ‘cracking codes’ and attacking firewalls to get into our systems. In reality, a lot of these offenders are gaining access through simpler, yet just as dangerous, means called ‘phishing’.

Phishing is a fraudulent practice that involves sending emails purporting to be from someone, a client or a company or even a known friend or relative, to obtain information including passwords and credit card information or in many cases, requesting a payment or payments.

We have all seen these obvious scam emails land in our inboxes – long lost uncles offering a million dollars if we just give them our bank details or financial institutions we don’t bank with warning us that they will freeze our accounts if we don’t log on with our email and password. We typically send them to junk and move on, but the scammers have gotten more sophisticated in recent years and in some cases, all it takes is to click on a link for them to gain access to vital information.

Many of the scammers are using industry targeted language and come across as credible potential clients or consultants, fooling their victims into clicking links that will immediately compromise the systems.

We are seeing more and more clients who have fallen victim to these attacks, especially in the wake of the Covid-19 Pandemic which has kept a lot of people at home, spending more time on the internet. These scammers are gaining access to our client’s emails system, where they wait for an opportunity to intercept and amend account details.  The victim’s customers then make potentially large payments to the false account and the scammers take the cash, close the account and disappear.

Making a financial gain through fraudulent means is an offence under the Queensland Criminal Code Act 1899 (QLD), however, it is a sad reality that these aggrieved clients and their customers often receive little-to-no money back after involving law enforcement authorities due to the nature of the crime and the ease with which the scammers disappear.

Our clients are then left out of pocket, with customers who are unwilling to pay, having already paid the money to a third party, albeit a fraudulent one.

At Ballantyne Law Group, we help our clients both in taking steps to recover these amounts owed, taking preventative steps to avoid falling victim to such scams and including terms in their terms of trade or initial agreements with their clients to remove liability to the extent permitted by law in the instance of such a scam.

If you have suffered a loss as a result of business email compromise or you would like to take measures to prevent suffering such a loss, please contact Ballantyne Law Group to discuss your next steps.

Sidnee Jennings is a solicitor with Ballantyne Law Group and practices primarily in commercial and property law.


James Ballantyne


Sidnee Jennings