Weren't expecting an email from the big boss? Maybe double check before you click on any links or hit send on a company bank transfer.
Hackers are increasingly tricking businesses into paying large sums of money by pretending to be company executives on emails, causing a strain on cashflows particularly for small to medium size enterprises (SMEs), an Australian cyber insurance provider warns.
Dubbed "social engineering fraud", the attack stems from criminals pretending to be customers, suppliers or senior individuals within a company to manipulate staff into transferring sums of cash into the attackers' bank accounts.
The type of fraud has increased more than 200 per cent over 2016 to 2017, reports to the Australian Cybercrime Online Reporting Network (ACORN) show.
Specialist insurer Edmund, which offers cyber insurance to SMEs, says most companies are not insured for this type of fraud because it typically comes under crime cover.
As a result, companies do not recover their stolen goods, co-founder Richard Smith says.
"There are a number of security measures businesses should have in place to protect themselves," he said.
Edmund, which this week launched its online platform, has built an extension of cover to ensure companies attacked by social engineering fraud are insured.
At least 34,000 Australians were affected by 63 data breaches since it became mandatory in late February for most organisations to inform the privacy watchdog about breaches that could likely result in serious harm.
That compares to just 114 breaches reported in the year to June 2017 under the old, voluntary scheme.
"Reputation is key," said fellow co-founder Christopher Lynam.
"It is evidence by our friend [Facebook chief executive Mark] Zuckerberg having to stand up in front of congress for two days, just how data - and the protection of it- has become core to society's values."