Employees are more likely to spot a scam than their bosses, new research reveals.
Around 76 percent of employees were able to detect a scam, compared with 53 percent of managers.
The findings were based on a survey by the CommBank’s Behavioural Science Team across 1126 employees, managers and owners in small, medium and large businesses.
The research found payment redirection scams were the most common way scammers infiltrated workplaces.
More than 70 percent of scams targeting businesses arrived via email.
“These scams typically involve requests to add/change payment details or approve transfers, often appearing to come from a trusted senior leader or supplier,” ComBank said in a statement.
“In instances where scams were successful, 42 percent of employees and 20 percent of managers felt suspicious but the scam was successful anyway.
“(This highlights) both a critical gap in scam awareness at all levels of organisations, and the importance of educating staff to recognise red flags and how to act quickly.”
ComBank said that in 61 percent of cases where workplace scams were successful, subtle abnormalities had not been identified.
CBA Chief Behavioural Scientist William Mailer said scammers were exploiting normal workplace behaviours and pressures rather than technical gaps alone.
They often mimicked real suppliers, colleagues or executives and used authentic‑looking email addresses.
“Business email compromise scams are designed to feel routine and familiar; they mirror how we normally work and communicate often using familiar corporate language,” Mr Mailer said.
“By targeting everyday tasks we perform on auto-pilot, scammers exploit moments when we are less likely to stop, check and reject.”
The research also showed workplace conditions could significantly influence scam outcomes. High workplace stress was present in 59 percent of organisations where scams succeeded.
The full report is available here.
