What Is Business Email Compromise and How Do You Fight It?

In recent years, email has become an essential part of our daily lives. Many people use it for various purposes, including business transactions. With the increasing dependence on digital technology, cybercrime has grown. A significant cyber threat facing businesses today is Business Email Compromise (BEC). 

Why is it important to pay particular attention to BEC attacks? Because they’ve been on the rise. BEC attacks jumped 81% in 2022, and as many as 98% of employees fail to report the threat. 

What is Business Email Compromise (BEC)?

Business Email Compromise (BEC) is a type of scam in which criminals use email fraud to target victims. These victims include both businesses and individuals. They especially target those who perform wire transfer payments.  

The scammer pretends to be a high-level executive or business partner. Scammers send emails to employees, customers, or vendors. These emails ask the recipient to make payments or transfer funds in some form.

According to the FBI, BEC scams cost businesses around £1.5 billion in 2020. That figure increased to £1.9 billion in 2021. These scams can cause severe financial damage to businesses and individuals. They can also harm their reputations.  

How Does Business Email Compromise Work? 

Business email compromise attacks are usually well-crafted and sophisticated, making it difficult to identify them. The attacker first researches the target organisation and its employees. They gain knowledge about the company’s operations, suppliers, customers, and business partners.  

Much of this information is freely available online. Scammers can find it on sites like LinkedIn, Facebook, and organisations’ websites. Once the attacker has enough information, they can craft a convincing email. It’s designed to appear to come from a high-level executive or a business partner. 

The email asks the recipient to make a payment or transfer funds. It usually presents the request as an urgent and confidential matter, for example a new business opportunity, a vendor payment, or a foreign tax payment.

The email will often contain a sense of urgency, compelling the recipient to act quickly. The attacker may also use social engineering tactics, such as posing as a trusted contact or creating a fake website that mimics the company’s site. These tactics make the email seem more legitimate.

If the recipient falls for the scam and makes the payment, the attacker will make off with the funds. In their wake, they leave the victim with financial losses.  

How to Fight Business Email Compromise

BEC scams can be challenging to prevent. But there are measures businesses and individuals can take to cut the risk of falling victim to them.  

Educate Employees 

Organisations should educate their employees about the risks of BEC. This includes providing training on how to identify and avoid these scams. Employees should be aware of the tactics used by scammers, for example urgent requests, social engineering, and fake websites.

Training should also include email account security, including: 

  • Checking their sent folder regularly for any strange messages 
  • Using a strong email password with at least 12 characters 
  • Changing their email password regularly 
  • Storing their email password in a secure manner 
  • Notifying an IT contact if they suspect a phishing email  

Enable Email Authentication 

Organisations should implement email authentication protocols. 

This includes: 

  • Domain-based Message Authentication, Reporting, and Conformance (DMARC) 
  • Sender Policy Framework (SPF) 
  • DomainKeys Identified Mail (DKIM)  

These protocols help verify the authenticity of the sender’s email address. They also reduce the risk of email spoofing. Another benefit is to keep your emails from ending up in junk mail folders. 
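As an added example (not part of the original article), the Python below triages one raw message by reading the DMARC verdict recorded by the receiving mail server and checking for the impersonation signs described earlier. The domains, the executive name and the `mx.example.com` server id are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples, not real traffic. example.com stands for our own domain.
SPOOFED = (
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.net;"
    " dkim=none; dmarc=fail header.from=example.com\n"
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Reply-To: jane.doe@example.net\n"
    "Subject: Urgent and confidential wire transfer\n\nPlease pay today.\n"
)
LOOKALIKE = (
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.net;"
    " dkim=pass header.d=example.net; dmarc=pass header.from=example.net\n"
    'From: "Jane Doe" <jane.doe@example.net>\n'
    "Subject: Vendor payment\n\nNew bank details attached.\n"
)

def dmarc_verdict(msg, trusted_authserv):
    """DMARC result from the Authentication-Results header our own server added."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # a sender can forge this header; ignore foreign ones
        m = re.search(r"\bdmarc=(\w+)", rest)
        if m:
            return m.group(1).lower()
    return "missing"

def triage(raw, own_domain="example.com", trusted_authserv="mx.example.com",
           executives=("jane doe",)):
    """Return a list of BEC warning signs found in one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    findings = []
    verdict = dmarc_verdict(msg, trusted_authserv)
    if verdict != "pass":
        findings.append(f"dmarc={verdict}")
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and reply.rpartition("@")[2].lower() != from_domain:
        findings.append("reply-to domain differs from From domain")
    if name.lower() in executives and from_domain != own_domain:
        findings.append("executive display name on external domain")
    if re.search(r"\b(urgent|confidential)\b", msg.get("Subject", ""), re.I):
        findings.append("urgency or secrecy wording in subject")
    return findings
```

The second sample passes DMARC because the sender authenticated a domain they control, so the authentication verdict has to be combined with display-name and Reply-To checks.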

Deploy a Payment Verification Process 

Organisations should deploy payment verification processes, such as two-factor authentication. Another protocol is confirmation from multiple parties. This ensures that all wire transfer requests are legitimate. It’s always better to have more than one person verify a financial payment request.  

Establish a Response Plan

Organisations should establish a response plan for BEC incidents. This includes procedures for reporting the incident, as well as freezing the transfer and notifying law enforcement.

Use Anti-phishing Software 

Businesses and individuals can use anti-phishing software to detect and block fraudulent emails. As AI and machine learning gain widespread use, these tools become more effective.  

The use of AI in phishing technology continues to increase. Businesses must be vigilant and take steps to protect themselves.  

Need Help with Email Security Solutions? 

It only takes a moment for money to leave your account and be unrecoverable. Don’t leave your business emails unprotected. Give us a call today to discuss our email security solutions. 
