According to William Mailer, Chief Behavioural Scientist at CBA, scammers are exploiting normal workplace behaviours and pressures rather than technical gaps alone, often mimicking real suppliers, colleagues or executives and using authentic‑looking email addresses – a hallmark of business email compromise scams.
“Business email compromise scams are designed to feel routine and familiar; they mirror how we normally work and communicate often using familiar corporate language. By targeting everyday tasks we perform on auto-pilot, scammers exploit moments when we are less likely to stop, check and reject,” Mailer said.
“When people are busy, under pressure or responding to requests that appear to come from senior leaders or trusted suppliers, they’re more likely to rely on instinct rather than stopping to verify. That’s exactly the moment scammers are counting on.”
Stress a contributing factor
The research also shows workplace conditions can significantly influence outcomes. High workplace stress was present in 59 per cent of organisations where scams succeeded, compared with 38 per cent where scams were unsuccessful, reinforcing the link between pressure, speed and increased risk.
While responsibility for preventing scams is often seen as a technology issue, the findings suggest this mindset may leave businesses exposed. More than half of employees (55 per cent) and 44 per cent of managers believe IT and cyber security teams are most responsible for preventing workplace scams, despite employees being the first line of defence.
Those who successfully avoided scams pointed to human awareness as the decisive factor. Sixty‑eight per cent said spotting red flags saved them, while 47 percent credited scam training and education, highlighting the value of regular, practical training across all levels of a business.
“The strongest protection against scams isn’t just better systems – it’s encouraging work practices where people pause, question and double‑check, even when a request appears legitimate,” Mailer said.
“Empowering employees and leaders to slow down and verify unusual requests and even making this part of normal workplace routines and rituals, can make the difference between stopping a scam and suffering a significant financial loss.”
The findings serve as a timely reminder for Australian businesses to stay alert to business email compromise scams, ensure leaders are just as vigilant as their teams, and foster cultures where questioning unexpected or urgent payment requests is encouraged, regardless of who they appear to come from.
Indicators of a payment redirection scam
How to protect your workplace
-
Set up a payment approval process for your business, preferably requiring multiple approvers, with no exceptions.
For more on how CommBank helps protect businesses from scams and fraud, and what businesses can do to protect themselves, visit CommBank Safe for Business.
Click Here For The Original Source.
