What is a business email compromise attack?


Business email compromise, or 'BEC', presents a growing problem for organisations of all sizes. In fact, over 6,000 businesses are targeted each month, making the UK the second most targeted region (26%) after the US (39%). That's why you and your colleagues should be aware of the tell-tale signs of a BEC attack and what you can do to avoid falling prey to phishing attempts.

In this article, we'll explain what BEC is, how to spot the signs of a BEC attack and how to prevent them.

What is business email compromise?

Sometimes known as 'man-in-the-email' scams or 'CEO fraud', BEC tricks employees into providing confidential information or sending money to someone they believe they can trust.

Cybercriminals will either hack into senior leaders' corporate email accounts or create new accounts that appear to be authentic. They can then use these accounts to impersonate the account owners and email potential victims.

How business email compromise attacks happen

BEC attacks capitalise on human psychology rather than on malware. As a result, they bypass the usual security systems that look for malicious attachments or content. This not only makes the attacks easier for scammers to carry out, but also very lucrative.

Often, impostors will pose as a manager or member of the c-suite to email potential victims with an 'urgent' request. This usually involves sending money via wire transfer, which is difficult to trace and recover. In 2019, UK Finance recorded over 122,000 instances of this scam, which cost UK businesses gross losses of £455.8 million.

The non-profit organisation Save the Children was the victim of a BEC attack in 2018. Cybercriminals compromised an employee's email account to send out fraudulent invoices and documents that were linked to a project in Asia. This cost the organisation an estimated £718,615.

Signs of business email compromise

Part of the reason BEC attacks have a high success rate is that they bank on workers being too busy to read emails properly. Therefore, everyone in your organisation must be aware of what to look out for. Here are some of the most common signs that you're being scammed:

1. Bizarre requests from senior leaders: Many people reply quickly to an email that's come from a manager or member of the c-suite. However, it's important to take the time to consider their request. Does it seem odd? If they're asking you to transfer money or provide confidential information, treat the email with caution. 

2. Attempts to sidestep normal channels: Your business likely has a system for processing all payments, regardless of their urgency. Impostors will try to bypass this step. For example, if they're asking for money, they may claim that it needs to be wired over immediately.

3. Confidentiality requests: Emails of this nature often try to incite panic. As such, recipients may not take the time to verify the request. However, if the sender is specifically asking you to keep these messages to yourself and only communicate via email, you're probably being scammed.

4. Unusual content issues: Take a close look at the main body of the email. Does it sound like it's come from the alleged sender? For example, it may be in broken English, despite the sender being a native speaker. 

5. 'Reply To' addresses that don't match the sender address: The impostor's 'Reply to' email address may not be the same as the one it's come from. Sometimes, this is hard to spot because they regularly use lookalike domains to fool recipients - e.g., instead of
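Two of the signs above, a 'Reply-To' domain that differs from the 'From' domain and a lookalike domain, can be checked mechanically in a mail gateway or a helpdesk triage script. The following is an added example (not code from the original article or from Egress) that uses only the Python standard library; the trusted domain list, the sample message and all addresses in it are constructed for illustration.

```python
"""Flag two BEC warning signs in an email's headers:
 1. the Reply-To domain differs from the From domain;
 2. the From or Reply-To domain merely looks like a trusted domain.
Added example; uses only the standard library. TRUSTED_DOMAINS and
SAMPLE_MESSAGE are constructed for illustration, not real data."""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed: the domain(s) the organisation actually sends mail from.
TRUSTED_DOMAINS = {"example.com"}

# Constructed raw message showing the mismatch; the digit 1 replaces the l.
SAMPLE_MESSAGE = b"""From: "Jane Doe (CEO)" <jane.doe@example.com>
Reply-To: jane.doe@examp1e.com
To: finance@example.com
Subject: Urgent wire transfer
Content-Type: text/plain; charset=utf-8

Please wire the funds today and keep this between us.
"""


def domain_of(header_value):
    """Return the lowercase domain of an address header, or '' if absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def lookalike_of(domain, trusted=TRUSTED_DOMAINS, max_edits=2):
    """Return the trusted domain that `domain` imitates, or None.

    An exact match is legitimate; a domain within a couple of edits
    (examp1e.com, exarnple.com, example.co) is treated as a lookalike.
    """
    if not domain or domain in trusted:
        return None
    for t in trusted:
        if edit_distance(domain, t) <= max_edits:
            return t
    return None


def bec_warnings(raw_message, trusted=TRUSTED_DOMAINS):
    """Parse a raw RFC 5322 message and return a list of warning strings."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    from_domain = domain_of(msg["From"])
    reply_domain = domain_of(msg["Reply-To"])
    warnings = []
    if reply_domain and reply_domain != from_domain:
        warnings.append(f"reply-to domain {reply_domain} differs from "
                        f"sender domain {from_domain}")
    for label, dom in (("sender", from_domain), ("reply-to", reply_domain)):
        target = lookalike_of(dom, trusted)
        if target:
            warnings.append(f"{label} domain {dom} looks like trusted domain {target}")
    return warnings


if __name__ == "__main__":
    for warning in bec_warnings(SAMPLE_MESSAGE):
        print("WARNING:", warning)
```

Running the script against the constructed message produces two warnings: the Reply-To mismatch and the lookalike `examp1e.com`. A gateway would normally also consult the authentication results (SPF, DKIM, DMARC) that the headers carry, but the two header checks here catch the sign the article describes even when those are absent.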

How to prevent business email compromise

The majority of BEC attacks won't be detected by antivirus software, spam filters or other standard cybersecurity systems because they tend to employ social engineering techniques rather than malicious links or attachments.

However, there are still several ways you can prevent a BEC attack:

  • Use a company email domain: Free, web-based email domains are easier to impersonate.
  • Secure the login process: By enabling multi-factor authentication, users will need to provide multiple pieces of information to log in. This makes it harder for hackers to access the account with a stolen password alone.
  • Protect your domain: Cybercriminals can create accounts that look similar to your domain name, so it's best to register any similar domains to prevent this.
  • Don't reply to emails directly: If you can't verify the authenticity of an email, don't reply directly. Rather, forward the email and manually input the sender's email address.
  • Set up processes: It should be mandatory for employees to confirm email requests with someone internally before making wire transfers or supplying confidential information.
  • Learn client habits: It's usually a bad sign if a client suddenly appears to change their business practices. For instance, if they ask you to use their personal email address when all communication has previously gone through their company email address, you need to verify this directly with the sender using a different contact method.

Learn more about how to prevent business email compromise

Cybercrime is constantly evolving, so you must stay in the know.

Visit the Egress phishing hub to read expert advice and learn more about the latest email scams. Protect yourself and your data today.
