What Is Business Email Compromise and How Do You Fight It?

In recent years, email has become an essential part of our daily lives. Many people use it for various purposes, including business transactions. With the increasing dependence on digital technology, cybercrime has grown. A significant cyber threat facing businesses today is Business Email Compromise (BEC). 

Why is it important to pay particular attention to BEC attacks? Because they’ve been on the rise. BEC attacks jumped 81% in 2022, and as many as 98% of employees fail to report the threat. 

What is Business Email Compromise (BE)?  

Business Email Compromise (BEC) is a type of scam in which criminals use email fraud to target victims. These victims include both businesses and individuals. They especially target those who perform wire transfer payments.  

The scammer pretends to be a high-level executive or business partner. Scammers send emails to employees, customers, or vendors. These emails request them to make payments or transfer funds in some form.  

According to the FBI, BEC scams cost businesses around £1.5 billion in 2020. That figure increased to £1.9 billion in 2021. These scams can cause severe financial damage to businesses and individuals. They can also harm their reputations.  

How Does Business Email Compromise Work? 

Business email compromise attacks are usually well-crafted and sophisticated, making it difficult to identify them. The attacker first researches the target organisation and its employees. They gain knowledge about the company’s operations, suppliers, customers, and business partners.  

Much of this information is freely available online. Scammers can find it on sites like LinkedIn, Facebook, and organisations’ websites. Once the attacker has enough information, they can craft a convincing email. It’s designed to appear to come from a high-level executive or a business partner. 

The email will request the recipient to make a payment or transfer funds. It usually emphasises the request being for an urgent and confidential matter. For example, a new business opportunity, a vendor payment, or a foreign tax payment.  

The email will often contain a sense of urgency, compelling the recipient to act quickly. The attacker may also use social engineering tactics. Such as posing as a trusted contact or creating a fake website that mimics the company’s site. These tactics make the email seem more legitimate.  

If the recipient falls for the scam and makes the payment, the attacker will make off with the funds. In their wake, they leave the victim with financial losses.  

How to choose the right IT Support Partner | Network & Security

How to Fight Business Email Compromise

BEC scams can be challenging to prevent. But there are measures businesses and individuals can take to cut the risk of falling victim to them.  

Educate Employees 

Organisations should educate their employees about the risks of BEC. This includes providing training on how to identify and avoid these scams. Employees should be aware of the tactics used by scammers. For example, urgent requests, social engineering, and fake websites.  

Training should also include email account security, including: 

  • Checking their sent folder regularly for any strange messages 
  • Using a strong email password with at least 12 characters 
  • Changing their email password regularly 
  • Storing their email password in a secure manner 
  • Notifying an IT contact if they suspect a phishing email  

Enable Email Authentication 

Organisations should implement email authentication protocols. 

This includes: 

  • Domain-based Message Authentication, Reporting, and Conformance (DMARC) 
  • Sender Policy Framework (SPF) 
  • DomainKeys Identified Mail (DKIM)  

These protocols help verify the authenticity of the sender’s email address. They also reduce the risk of email spoofing. Another benefit is to keep your emails from ending up in junk mail folders. 

Network & Security Newsletter

Deploy a Payment Verification Process 

Organisations should deploy payment verification processes, such as two-factor authentication. Another protocol is confirmation from multiple parties. This ensures that all wire transfer requests are legitimate. It’s always better to have more than one person verify a financial payment request.  

Establish a Response Plan

Organisations should establish a response plan for BEC incidents. This includes procedures for reporting the incident. As well as freezing the transfer and notifying law enforcement.  

Use Anti-phishing Software 

Businesses and individuals can use anti-phishing software to detect and block fraudulent emails. As AI and machine learning gain widespread use, these tools become more effective.  

The use of AI in phishing technology continues to increase. Businesses must be vigilant and take steps to protect themselves.  

Need Help with Email Security Solutions? 

It only takes a moment for money to leave your account and be unrecoverable. Don’t leave your business emails unprotected. Give us a call today to discuss our email security solutions. 

Past Blogs

Copilot connects Microsoft and Google

Microsoft Copilot Now Connects Gmail and Outlook—What This Means for Your Business

If you’ve ever found yourself switching between Gmail, Outlook, and countless browser tabs just to track down an email or check your diary, you’re not alone. For many...
New Ransomware Warning

New Ransomware Alert: What UK Businesses Should Do

Don't Waste Time Searching Through Settings

Windows 11’s New AI Agent: A Smarter Way to Tackle Settings

More accessibility Features in Windows 11

Windows 11’s New Accessibility Tool: What It Means for Your Business

Outlook flags your important email

Outlook will flag your most important emails

Can your staff access too much?

Half of staff have too much access to data

Windows 10 hit ends of life in just over 2 weeks

Free Support for Windows 10 Ends in Just Two Weeks – Here’s What Your Business Needs to Know

Free Support for Windows 10 Ends in Just Two Weeks – Here’s What Your Business Needs to Know What would it take to bring your business to a halt?It’s not always a major...
Better passkey integration in windows

Passkeys will be better integrated in Windows

New hire? New security risk

New member of staff… new cyber security risk?

   When you bring someone new into the business, your first thought is usually about getting them set up to succeed. A laptop, email account, access to the right...
Microsoft to Introduce a Unified Naming System for Hackers

Microsoft to Introduce a Unified Naming System for Hackers

Have you ever tried to follow a crime documentary where the main suspect keeps changing names? It’s confusing—and that’s exactly what’s been happening in the world of...