Email security

What is business email compromise (BEC)?

Published on 25th Jun 2021

Phishing attacks target organizations of all sizes and are increasingly more common, sophisticated and damaging than ever before. That's why it's essential to keep your finger on the pulse of the latest phishing methods. 

business email compromise (BEC) has proven to be extremely costly to companies, with 96% of phishing attempts delivered by email. According to the FBI, BEC attacks caused over $1.8 billion worth of losses to businesses last year. Organizations must prioritize the safety of their email systems if they hope to avoid becoming the victim of a BEC attack.

In this article, we'll explore what business email compromise is, what signs to look out for and how you can prevent an attack.

What is business email compromise?

Business email compromise, otherwise known as 'BEC', is a scam that tricks employees into taking actions such as making a wire transfer, giving away confidential information or providing funds for a fictitious project. 

Hackers compromise senior leaders' corporate email accounts or create new accounts that are very similar to the authentic ones. They then impersonate the account owners and email potential victims.

How business email compromise attacks happen

Unlike other forms of phishing emails, BEC attacks are highly targeted and require scammers to do some research to maximize their success rate. Unfortunately, this upfront research seems to have the intended result, with over 74% of US organizations having experienced a successful phishing attack. 

Because these phishing attempts rely heavily on social engineering, rather than malware, BEC attacks can often bypass security systems that look for the usual malicious attachments, content or behavior. 

US money transfer company, Xoom Corporation, became the victim of a BEC attack in 2014. A series of spoofed emails that impostors sent to the finance department asking for money transfers cost the business $30.8 million in losses.

Signs of business email compromise

Business email compromise relies on workers being busy and skim-reading emails, so everyone must be aware of the tell-tale signs. Here are some of the most common indicators that you've been targeted:

1. Senior leaders making unusual requests: Most of us will respond promptly to an email from a manager or someone in the c-suite. But is their request out of the ordinary? It's unlikely that the CEO will need you to transfer funds directly into an account, for instance, so take some time to consider the validity of the request.

2. Confidentiality requests: Cybercriminals impersonating someone will often ask the recipient to keep the request to themself and only communicate with the sender via email.

3. Requests that bypass normal channels: Many businesses have systems through which all payments must be processed, regardless of their urgency. However, BEC attacks will attempt to bypass this. For example, they may ask for a direct wire transfer.

4. Content issues: Take a close look at the content. Is it in broken English (when the sender's first language is English)? Are they using European date formats (day, month, year)? If so, treat the email with some suspicion. 

5. 'Reply To' addresses that don't match the sender address: Differences may not always be immediately obvious but it's a good idea to look closely at the email address. They may be using lookalike domains to fool recipients - e.g., rather than

How to prevent business email compromise

Although some BEC attacks manifest themselves as a result of malware, the majority of them rely on social engineering alone. This means that antiviruses, spam filters or other common security techniques won't work in this case. 

Instead, here are some protection strategies you should consider putting in place:

  • Avoid using free email accounts: It's best to have a company domain name as this will make it harder to impersonate.
  • Enable multi-factor authentication: Multi-factor authentication will require users to provide two or more pieces of information to log in, making it more difficult for hackers to gain access.
  • Don't open emails from unknown parties: If you do have to, don't open attachments directly on your device as they can install malware.
  • Secure your domain: Even if you have a custom company domain, cybercriminals could make similar-looking ones. It's a good idea to register any similar domains to lower the risk of this happening.
  • Forward emails instead of replying: If you're not sure of the legitimacy of an email, don't hit 'reply'. Instead, forward the email and manually type in the sender's correct email address. 
  • Put processes in place: Make it compulsory for employees to confirm email requests internally for wire transfers or confidential information. 
  • Know your clients' habits: If a client suddenly changes their business practices, this could be a suspicious sign. For example, if someone asks you to begin using their personal email address when previous correspondence has been through company email, you should verify this directly with the sender using another method of contact.

Learn more about how to prevent business email compromise

Cybercrime is constantly evolving, so you must stay in the know. 

Visit the Egress phishing hub to read expert advice and learn more about the latest email scams. Protect yourself and your data today.

You might also be interested in ...

Email security
Five top tips to avoid spear phishing attacks

Discover our top five tips for protecting your business from spear phishing attacks.

Phishing Blog 555X300
Email security
How to spot a phishing email?

Check out our latest infographic for a 101 on the different types of phishing emails and how to spot one when it lands in your inbox.

Email security
What happens if I click a phishing link?

If the worst case happens and you end clicking on a phishing link, it's vital to know the goals of the cybercriminals behind the phishing email.