A business email compromise, commonly known as BEC or a payment redirection scam, is when a recipient receives a legitimate-looking email requesting a payment to new or updated account details.

 

The fraudster often impersonates a contractor, supplier, creditor or even someone in senior management such as the CEO, and asks that an urgent payment be made or, when posing as a supplier, that future payments go to a new account. The email often instructs the recipient not to discuss the matter with anyone else. This type of scam can impact everyone, not just businesses. Because the sender's email address closely matches a known address, this type of fraud often goes unnoticed until it is too late. Cybercriminals may even hack into a real email account, and fraudulent communications sent from it are hard to identify.

 

BEC events are complex and involve multiple victim parties. The following fraud types are some of the more common:

  • Invoicing fraud – The fraudster impersonates a supplier, and requests payment of a legitimate invoice, having substituted the supplier’s banking details with their own.
  • Payroll fraud – The fraudster impersonates an employee and seeks to divert a salary to an alternative bank account that’s been established in the employee’s name.
  • CEO or executive fraud – The fraudster impersonates the CEO by email, and directs a member of staff to transfer funds to the scammer’s account.
  • Legal impersonation – The fraudster passes themselves off as a lawyer or legal representative of the business and requests sensitive information urgently.
  • Data theft – The criminal impersonates a senior person to obtain access to sensitive and valuable information about employees, customers or suppliers, which is used for future attacks. Data theft often targets individuals working in human resources.

 

How to protect yourself and your business

  • Always verbally confirm any requests for urgent or redirected payments.
  • Register your business for PayID using your ABN, and request that your account be credited this way.
  • Request to pay your suppliers using a PayID. PayID displays the registered payee name, so if it's not your intended recipient you will know something is possibly suspicious.
  • Large payments or changes to beneficiary/supplier details should be verified by calling a trusted number. No single person should be responsible for making payments, so adopt strict separation of duties, using multiple authorities to make and approve payments or changes to beneficiary/supplier details, or multifactor authentication where available.
  • Train your employees regularly on how to spot scams. Empower them to question any payment-related requests and to verbally verify that account details are correct, by setting this as a process to follow.
  • Access to online services (like email or accounting platforms) should require multifactor authentication (MFA) – typically an additional code from your phone or dongle that is required to log in to a website on top of your password.
  • Promptly install software updates, enable software auto-updates and install a reputable antivirus program to help reduce the impact of malicious software.

 

What to do if you have been scammed

If you think your personal or business account has fallen victim to a business email compromise:

  • Contact us immediately (How to report fraud or scams)
  • Change your online banking passwords and card PIN
  • Contact IDCARE on 1800 595 160. IDCARE is a free, government-funded service that provides support to victims of identity crime
  • Report fraud via the Australian Cyber Security Centre

How to report fraud or scams

 

Helpful links

 

Lock your card

  • Log in to our Mobile App, select "Cards" from the Menu, then select "Lock Card".

 

Report lost, stolen or captured card

  • Please contact us immediately if your G&C Mutual Bank credit or debit card is lost, stolen or captured. Call us on 1300 364 400, 24 hours a day, 7 days a week.
  • For overseas assistance, call us on +61 2 9307 5400 or contact Visa Global Customer Assistance +1 303 967 1090 (international) or the VISA International Hotline specific to the country you are in.
  • Email us with the subject: URGENT lost or stolen card
  • Contact us before you travel overseas so we can monitor your account more closely. You will also avoid transactions on your cards being stopped by us when we detect overseas purchases. We will need to know your departure date, return date, destination and contact details while you’re away.
  • Alternatively, you can complete the Overseas Travel Form within our Mobile App.
  • Read more about staying financially safe overseas to ensure your travels are memorable for all the right reasons.