Skip links

Phishing Phriday #17 – Business Email Compromise

Read more about Business Email Compromise

Unraveling Business Email Compromise: Protect Your Organization

Welcome back to our blog! Today, we’re diving into a critical issue that affects numerous organizations across the globe: Business Email Compromise (BEC). Understanding, identifying, and preventing BEC is essential for safeguarding your organization’s digital communication.

What is Business Email Compromise?

Business Email Compromise occurs when unauthorized individuals gain access to an email account or mailbox. This could happen through credential theft or accidental access provision. The simplicity of the definition belies the complexity and danger of such compromises, which can control and access confidential information improperly.

The Risks Associated with BEC

Often, BEC is the gateway to more severe cyber crimes like CEO fraud. The information contained within compromised email accounts can be exploited to masquerade as a legitimate part of the organization, such as accounts receivable. Malicious actors might then initiate transactions or refunds, diverting funds to their accounts instead of where they rightfully belong.

Identifying Business Email Compromise

Understanding what BEC is not is as crucial as recognizing what it is. For instance, receiving an email that appears to come from a trusted source but directs replies to a different email address upon closer inspection might not necessarily be a BEC but could be spoofing or phishing.

Business Email Compromise ranks among the top cyber threats due to its high frequency and impact. It’s lucrative for cybercriminals because of the valuable information accessible within an organization’s emails, which can be used to orchestrate believable scams.

Signs of Potential Compromise

  1. Misplaced Emails or Folders: Unexpected changes in your email folder structure or missing emails can be a sign of unauthorized access.
  2. Emails Marked as Read: If you notice emails being marked as read that you haven’t opened, this could indicate someone else has accessed your account.
  3. Unusual Email Replies: Receiving replies to emails you did not send is a strong indicator of compromise.

Protecting Against BEC

  • Verify Changes Urgently Requested via Email: If an email demands immediate action or payment, verify its legitimacy through multiple channels.
  • Reach Out Via Trusted Channels: If something feels off, confirm requests by reaching back through known and trusted communication channels, not the contact information provided in the suspicious email.
  • Education and Awareness: Regular training and updates about the latest phishing tactics can empower your team to recognize and respond appropriately to suspicious emails.


Business Email Compromise can lead to significant financial and reputational damage. By staying vigilant, verifying sources, and educating your team, you can protect your organization from these sophisticated attacks. Remember, when dealing with email requests that involve sensitive information or financial transactions, a cautious approach is always best.

Thanks for joining us in this discussion on Business Email Compromise. Stay tuned for more insights on protecting your business in the digital age. If you have any questions or need further assistance, don’t hesitate to reach out for professional advice. Stay safe and informed!

Watch our most recent Phishing Phriday videos here

president tier 818x1024 1

Hi, I'm Jesse and I look forward to speaking with you.

An IT Support partner that you can trust.

I’m proud of the team we’ve assembled and the service they provide to our clients.  It’s because of them that we’re able to make a positive impact in our clients’ businesses and the communities we serve.

Our clients run businesses that depend on technology to operate but don’t have the expertise in-house to manage all the aspects of their Information Technology.  Our unique service delivery model is focused on a business first approach whereby we seek to understand what you’re trying to achieve, and how technology can help you move closer to those goals.  I’d love to connect with you to talk about how we might be able to help you improve the Stability, Security, Strategy, and Supportability of your network.