In its Local Government 2025 – Information Systems Audit Results report, the Western Australian Office of the Auditor General (OAG) found that a Western Australian council paid approximately $350,000 to an unknown third party after a phishing attack led to fraudulent changes to supplier account details.
For partners, this is a timely reminder that email security is not just about blocking spam or malware. It's about protecting business processes that rely on trust.
Payment redirection fraud is particularly damaging because it often looks like normal business activity. A supplier appears to update bank details. A staff member processes the request. A payment is made. The process may appear legitimate until the real supplier follows up, or finance teams identify the loss.
By then, recovery can be difficult.
This type of incident resonates with executives because it connects cybersecurity directly to financial loss, governance, supplier management, and operational discipline.
It also gives partners a practical way to speak with customers about risk without relying on fear. The message is simple: when email is used to initiate or approve business activity, email security becomes part of financial control.
Many businesses still treat invoice fraud, payment redirection, and business email compromise as isolated incidents. In reality, they are symptoms of a broader problem. Attackers understand business workflows and target the moments where trust, urgency, and routine intersect.
That could be a supplier update, an overdue invoice, a payroll change, a legal document, or a message appearing to come from a senior executive. Partners can help customers reduce risk by combining technical controls with process improvements.
What Partners Can Discuss With Customers
Partners can ask customers:
-
Are supplier bank detail changes verified through a second channel?
-
Are finance teams trained to identify payment redirection attempts?
-
Are executives aware of how email fraud can create direct financial exposure?
-
Are suspicious emails being stopped before they reach users?
-
Are Microsoft 365 or Google Workspace environments protected by specialist third-party email security?
The strongest customer conversations are often not about technology alone. They are about protecting revenue, cash flow, trust, and continuity. Payment redirection fraud is a powerful example because it shows how one email can trigger consequences across finance, operations, leadership, and reputation.
For partners, this creates a clear opportunity to help customers strengthen email security as part of broader business resilience.
Keeping Businesses Safe and Secure
Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email, makes email an extremely important vector for businesses to fortify.
No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365 or Google Workspace, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a specialist AI-powered email threat detection solution like MailGuard.
For a few dollars per staff member per month, businesses are protected by MailGuard's specialist, AI-powered zero-day email security. Special Ops for when speed matters! Our real-time zero-day, email threat detection amplifies your client’s intelligence, knowledge, security and defence.
MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your clients today to ensure they’re prepared and get in touch with our team to discuss fortifying your client’s cyber resilience.
Talk to us
MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 2822
UK partners call 0 800 404 8993
