- My name's Ben. I work on the payments team for a plumbing supplies corporative in Northern Sydney. And this year I fell victim to an invoice scam. It costs the business $57,000. It was such a simple error. And when I look back, I wish there was some complicated story attached to it but there just isn't. A couple of small mistakes resulted in a massive problem. It was about mid-morning on a standard Thursday when I got an email from Belinda, she's the accountant for one of the co-op owners, we worked together for years. So we email each other all the time. And I got this email basically saying that their accounts had been changed and to update the BSB and account details, she'd been talking about how much work she had to do because they were changing banks which made this email seem completely legitimate. It was so in context, I didn't even think twice. I just went into our banking platform updated it and let her know it was all good to go and it never came up again until about a month later. We made three payments into the new account and it wasn't until Belinda rang to follow up on the delayed payments that we realised that there was an issue. IT figured out Belinda's email account had been hacked. And the tech guys said it was likely she received a phishing email and was tricked into providing her email address and password to log in to her account. Apparently it's really common these days. Once they had that, they just poked around in her emails looking for something useful and found our email history. They replied to one of my emails and bam - I had what looked like a genuine message. I believe other people had received messages as well. So I don't think that we were the only ones that lost money but I've run that day over and over in my head and lost so much sleep. I didn't even know what would happen. I thought I was going to be sacked, but I'm just lucky that I've got a good boss. But it does impact you. It does hang over your head. I've always been so focused and I'm good at my job. I'm smart. I just never thought that this sort of thing would happen to me. I just wish that I called her to confirm.

- Unfortunately, Ben's story is one we hear all too often. Every day in Australia, criminals are targeting business to steal credentials and money. So it pays to make sure that you have the right defences in place. A few tips that NAB recommends, turn on multi-factor authentication where possible, and especially for all your email accounts. Have a process in place to validate any requests for new accounts or changes to existing accounts by calling a known or publicly listed number. Have a process to validate payments instructions for executives or for senior management in your team. Does your team know how to spot the red flags of scams. Remember cyber safety is not just an IT problem. Cybersecurity is a team effort. Make sure your team know their role in defending against attacks. To help make your business a hard target for criminals, visit nab.com.au/security for more information