Business Email Compromise is consistently the highest-value cybercrime category in Australia, with losses running into hundreds of millions of dollars annually. BEC attacks typically require no technical exploit, just a convincingly written email and a moment of inattention. Hamilton365 helps Brisbane businesses configure Microsoft 365 to significantly reduce their BEC exposure.
- CEO fraud: impersonating a senior executive to request an urgent payment.
- Invoice fraud: impersonating a supplier with updated bank details.
- Payroll diversion: requesting a change to direct deposit details.
- Account compromise: conducting attacks from within a legitimately compromised internal account.
BEC exploits human psychology, not technical vulnerabilities. The emails often contain no malicious content: no malware, no links, no attachments. Financial transactions are hard to reverse.
- MFA: blocks over 99% of automated account compromise.
- Conditional Access: blocks sign-ins from unexpected locations or devices.
- Anti-phishing with impersonation protection in Defender for Office 365.
- External email tagging: a visible warning on all emails from outside the organisation.
- DMARC, SPF, DKIM: blocking spoofed emails at the receiving end.
- Alert policies for unusual behaviour.
A simple process control eliminates a large proportion of BEC risk regardless of technical controls: any request to change bank details must be verified by phone using a number from existing records, not from the email.