skip to log on skip to main content
VoiceOver users please use the tab key when navigating expanded menus
Find ANZ Support Centre
Find ANZ Contact
Article related to:

How to protect your business

Online business banking safety and security

ANZ Security specialist

2026-06-15 04:30

Estimated reading time
 6 min

Key points

  • When you start and run a business, you invest precious time, energy and money into ensuring its success. Losing all of that to a cyber threat can be truly devastating. That’s why strengthening your cyber security is so vital for longevity.
  • Using strong passwords or passphrases, logging out of your online banking when you’re done and limiting access to your bank accounts are just some steps to increase the security of your business bank account.
  • Malware, phishing, insider threats, and business email compromise are common methods cybercriminals might use to access your business bank account and steal your hard-earned money.

Online business banking is the norm for many business owners. It’s simple and convenient to use, and if you’ve got your bank’s app, you can check your business accounts from the comfort of your smart device.

And while online banking should be safe, protecting your business bank account from cyber criminals comes down to how you (and employees with access to the account) act and behave. Your business bank account is one of the most valuable accounts a cybercriminal can access. Once they can get into your business bank account, they can quickly steal your hard-earned revenue.

That’s why we’re sharing some tips that can help you protect your business bank account from cybercriminals.

 

Why is safe online business banking important? 

Having your online business banking compromised can have many consequences. It can disrupt your daily operations, impact your revenue, and cause additional business expenses. On top of that, businesses that experience cybercrime often have to spend time and resources repairing and improving their systems, including changing their business banking and contact information.1

If your business bank account has been compromised, it’s easy for a cybercriminal to transfer your money into their own account and walk away unscathed. The average cost of cybercrime for small businesses is $46,000, so it’s essential to do your online business banking safely and smartly to help ensure your money is right where it belongs – with your business.2

 

Common types of online banking threats 

Malware

Malware (short for malicious software) is software designed by cybercriminals to corrupt your devices and files, steal information, spy on you, or even hold your files hostage in exchange for money. Cybercriminals might send an email with a file attached that will infect your device when downloaded. Or it might corrupt your device through an infected network. Once malware is on your work device, it can steal your banking credentials and relay that information back to cybercriminals, who can use it to make unauthorised money transfers.

For example, you might receive an unexpected email with an attachment. If you download the attachment, malware might spread onto your laptop and spy on you while you do your online banking business. The cybercriminal could track your keyboard movements when you type in your login credentials (such as username and password), which they can then use to log into your business bank account and steal your money.

Phishing

Phishing is when a cybercriminal attempts to trick you into giving out personal or business information, such as bank account numbers and passwords. A cybercriminal might send you a message that’s designed to look like it’s genuinely from the person or business they’re impersonating. When they contact you, the scammer will often add a sense of urgency to their request to encourage you to act without thinking.

For instance, you might receive a text message from a cybercriminal pretending to be your bank. The message says there has been unusual activity in your business bank account, and you must click the link now to verify your banking credentials or be locked out. If you click on the link, you’re taken to a fake website that looks legitimate. Thinking it’s real, you might enter your business banking details, only for the scammer to steal that information and, later, your money.

Business email compromise

Business email compromise (BEC) is when a criminal lurks in your business email server. They might access your email server by tricking someone into clicking a phishing link or by spreading malware across networks. Once the cybercriminal is on the server, they might:

  • Intercept an invoice and modify the payment details so that you (or the payee) pay the cybercriminal instead.
  • Impersonate someone within the organisation and manipulate you into doing something for their benefit, such as sharing banking details or sending money.
  • Click ‘forget password’ on a critical account and reset the password so they’re the only ones who can log into the account.

Insider threats

Insider threats are when someone who works for or with you conducts cybercrime. They might tamper with your payroll system, install malware to get your banking details, or steal your customer data and sell it on the dark web.

For example, a disgruntled employee might infect your network with malware to steal the business’ banking details. Once they have the information, they might change the login details so no one else can log into the bank account. From there, they might apply for loans and credit cards under the business name. Or they might use the business bank account as a part of a money mule scam, where a cybercriminal moves money linked to criminal activity through a legitimate bank account.

 

Tips for safer online business banking

Use strong, unique passwords or passphrases and don’t share them.
Having a password that’s hard to guess and different from your other logins can make it harder for someone to access your account without permission.

Turn on multifactor authentication (MFA).
MFA reduces the risk of unauthorised access, even if a password is stolen. For larger transactions, it’s also worth considering a two-step approval process, where a second person has to approve transactions over a certain amount.

Limit who has access to your business bank account.
Only give access to people who genuinely need it. Fewer users = fewer opportunities for mistakes or misuse.

Be alert to scams and phishing attempts. 
Don’t click on any links in messages or emails, especially if you receive them unexpectedly. It may be part of a scam to access your business’ vital information, including your business banking details. Pause and think before doing anything and verify the sender if possible.

Help employees stay cyber aware. 
Educating employees about current scams and cyber threats, and sharing guidance on safe online behaviours, can help everyone play a role in keeping your business secure. Encourage employees to verify changes to payment details or unexpected payment requests using a trusted contact number.

Keep your software, devices and systems up to date.
Regularly updating your devices helps ensure you have the latest security protections in place. Cybercriminals often look for weaknesses in outdated software, so installing updates when they become available can help protect your business. Turning on automatic updates in your device settings can make it easier to stay up to date with the latest security software.

Avoid using public Wi-Fi for banking.
Public Wi-Fi networks can be less secure, making it easier for cybercriminals to intercept information or direct you to fake websites. This can put your online banking details at risk. 

 

How does ANZ work to protect your business online?

  • ANZ Falcon® anti-fraud technology operates 24/7 to try to detect and prevent fraudulent transactions on your business credit card.

  • Consider using MFA to verify transactions with a one-time passcode, or ANZ Shield.

  • The ANZ Fraud Money Back Guarantee means we may reimburse you for any eligible fraudulent transactions on your ANZ card.

  • You can control employee access to your ANZ Internet Banking for Business account, which is an accounting and business management platform designed to streamline your business processes.

    • When making a payment, Confirmation of Payee checks if the account details you’ve entered matches the details held by the recipient’s bank. This can help you to make a decision about what to do next.
    • ANZ Digital Padlock is a last resort lock that prevents digital access if you suspect that someone is trying to access your banking, or if you are experiencing fraud or a potential scam and are unsure of the next steps.
  • Upload documents directly (and safely) to your banker using the ANZ Document Exchange.

  • Customer support is available 24/7, so you can contact us whenever something doesn’t feel right.

 

What can you do if you’ve been scammed? 

  • Contact your bank immediately if you’ve shared financial information or transferred money. If you’re an ANZ business customer, contact us immediately.

  • If you have shared business credit card details, ‘block’ or cancel those cards immediately. If your cards are with ANZ, you can report the stolen card through the ANZ app or by calling us. 

 

Who can you contact if you’ve been scammed?

  • Contact the Australian Cyber Security hotline, 24 hours a day, seven days a week on 1300 CYBER1 (or 1300 292 371).

  • Report the scam to the Australian Signals Directorate’s ReportCyber portal. This resource is there for reports of scams where money or personal information has been lost.

  • Help others by reporting to Scamwatch to help them prevent future losses, monitor trends and educate the population about emerging threats.

  • You can also contact IDCare, a not-for-profit organisation providing support to those experiencing identity and cyber security concerns.

  • Contact your bank immediately if you share personal or financial information.

  • If you’re an ANZ customer, you can report fraud or suspicious activity in multiple ways, such as through the ANZ app or by calling us.
anzcomau:content-hubs/security/how-to-protect-your-business
Online business banking safety and security
ANZ
Security specialist
2026-06-15
/content/dam/anzcomau/images/security-hub/business-cyber-security/how-to-protect-your-business/safe-business-banking-banner-1200x800.jpg

Cyber security is a team sport

Educating your staff on common cyber safety topics and threats, like business fraud prevention and using your credit card safely, can help ensure everyone knows how to protect the business from cyber threats.

Become cyber-smart

 

The information set out above is general in nature and has been prepared without taking into account your objectives, financial situation or needs. Before acting on the information, you should consider whether the information is appropriate for you having regard to your objectives, financial situation and needs. By providing this information ANZ does not intend to provide any financial advice or other advice or recommendations. You should seek independent financial, legal, tax and other relevant advice having regard to your particular circumstances.

References

1. Australian Institute of Criminology, Cybercrime in Australia 2023, 2023

2. Australian Signals Directorate, 2022–2023 Cyber threat trends for Australian businesses and organisations (PDF), 2023

Top