Beware the ‘urgent’ email at the end of the working day
· Michael West
Australian businesses are losing more than $150 million a year to scammers, with some embedding themselves in sensitive company email chains just waiting for the right moment to strike.
Visit extonnews.click for more information.
The threat can occur close to the end of the working day, when workers are clearing the decks and getting ready to go home, or at any other time the predator thinks people will be distracted.
An urgent email from a manager might arrive pushing for a certain invoice to be paid immediately.
But they may not be who they claim to be.
Sophisticated scammers can target workers when they are distracted or tired at the end of the day. (Tracey Nearmy/AAP PHOTOS)“Scammers are actually becoming very sophisticated,” William Mailer, chief behavioural scientist at Commonwealth Bank of Australia, told AAP.
“They can create email addresses that look almost identical to a legitimate email address, or they can actually access real email accounts of a colleague, a boss or a supplier.
“Sometimes these scams actually come embedded in email trails.”
Once embedded, the scammer can patiently study how processes and payments occur, by whom, and over what cycles.
“They’re really able to time the scam … so it feels very routine and normal, as though it’s coming from a trusted source, which makes it really difficult for the employee, for the manager to identify the scam,” Mr Mailer said.
William Mailer warns it’s vital all businesses remain alert to the tactics used by scammers. (PR IMAGE PHOTO)According to the National Anti-Scam Centre, Australian businesses fell victim to thousands of so-called payment redirection scams in 2025, losing a combined $167 million.
It’s the second-highest successful scam in the nation, behind investment scams and above romance scams.
According to CBA research released on Thursday, 73 per cent of business compromise scams arrive by email and typically include requests to add or change payment details or approve transfers.
In many cases, employees are proving better at picking up the red flags than managers.
Testing of more than 1100 employees, managers and owners of small, medium and large businesses by CBA’s behavioural science team found 76 per cent of employees could spot a scam compared to 53 per cent of managers.
Australian businesses need to ensure staff can spot red flags when emails ask for payments. (Mick Tsikas/AAP PHOTOS)But when the scams were successful, it turned out that 42 per cent of employees and 20 per cent of managers were initially suspicious.
“When people are busy, under pressure or responding to requests that appear to come from senior leaders or trusted suppliers, they’re more likely to rely on instinct rather than stopping to verify,” Mr Mailer said.
“That’s exactly the moment scammers are counting on.”
Businesses should be alert to email tone, especially if it sounds brash or aggressive, and to requests that are urgent and unexpected, or requests to update bank details and make payments to new accounts.
In 2025, Australians lost a total of $2.18 billion to hundreds of thousands of different scams.