
How To Fight the Rise in Business Email Compromise


Email continues to play a key role in our personal and working lives. However, as the digital world evolves, so too do cyber threats. In the realm of email, Business Email Compromise (BEC) is one of the key routes that cyber criminals use to exploit people and businesses for personal gain.

BEC is important to pay attention to, as these attacks have been on the rise. BEC attacks jumped 81% in 2022, and as many as 98% of employees fail to report the threat. BEC includes phishing, which is one of the most common and successful forms of cyber attack that are used against businesses.  


What is Business Email Compromise (BEC)? 

BEC is a type of scam where criminals use email fraud to trick victims into taking an action. The target could be an individual or a business.

The scammer will try to pose as an authoritative figure to create a false sense of trust and urgency. For example, they may pretend to be an executive or another business. Scammers send emails to employees, customers or vendors in order to manipulate them into giving up sensitive information or making a payment.

According to the FBI, BEC scams cost businesses around $1.8 billion in 2020. This figure increased to $2.4 billion in 2021. These scams have the potential to cause severe financial damage to businesses and can harm their reputations greatly.  


How Does BEC Work? 

BEC attacks take many forms, ranging from rudimentary emails to more sophisticated and convincing attacks. A sophisticated attacker will first research the target organization and its employees, which will enable them to craft an attack that stands a chance of success.

Scammers will begin to collect intelligence via free online sources, such as LinkedIn, the websites of organizations, and Facebook. Once an attacker has enough information, they can create a convincing email that will try to impersonate an authoritative figure to the recipient.  

If the email makes it into the recipient’s inbox, they will open it to find an urgent request, such as to give certain details or to click on a link. These attacks will often use social engineering techniques to create a false sense of trust. This could be a convincing email address or a website that successfully mimics the website of the impersonated person’s company.

If the recipient falls for the scam and takes the requested action, then it is likely there will be a compromise of sensitive information and/or a loss of funds.  


How to Fight Business Email Compromise 

BEC scams can be challenging to prevent. However, there are measures that businesses and individuals can take to minimize the risk of falling victim to them.

Educate Employees 

Organizations should educate their employees about the risks of BEC. This includes providing user awareness training to identify and avoid these scams. Employees should be aware of the tactics used by scammers, for example urgent requests, social engineering, and fake websites.

Training should educate users about ensuring email account security, including: 

  • Checking the sent folder regularly for any strange messages 
  • Using a strong email password with at least 20 characters, including capital letters and special characters 
  • Locking their computer when it is not in use, and logging out of webpages that use their username and password for verification
  • Changing their password whenever a breach is suspected
  • Storing their email password in a secure, encrypted manner, like a password manager. Do not store passwords in Word documents or Excel spreadsheets
  • Ensuring that all passwords are unique and are not shared with any other websites or people 
  • Enabling Multi-Factor Authentication for every login  
  • Notifying an IT contact if they feel that an email is suspicious 


Enable Email Authentication 

Organizations should implement email authentication protocols.  

This includes: 

  • Domain-based Message Authentication, Reporting, and Conformance (DMARC) 
  • Sender Policy Framework (SPF) 
  • DomainKeys Identified Mail (DKIM) 

These protocols help to verify senders’ addresses and reduce the risk of email spam. Another benefit is that fewer spam-worthy emails will land in your inbox.

Deploy a Payment Verification Process

A payment verification process provides a final safeguard in the case where a user has fallen for a scam. Payment verification can include two-factor authentication and, above all, confirmation by multiple parties.

This helps to ensure that all wire transfer requests are legitimate. It’s always better to have more than one person to verify a financial payment request. Also, by designating a secondary person to review transactions before processing the payments you can help to cut down the chances of fraud.

Check Financial Transactions 

Organizations should check all financial transactions regularly to look for irregularities, such as unexpected wire transfers or changes in payment instructions. A set schedule ensures that these checks are carried out regularly and that someone has oversight of them.

Establish a Response Plan 

A response plan for BEC incidents sets out what to do when one of these attacks succeeds. This can include how to report the incident, measures for freezing or taking back the transfer, as well as a process for notifying legal authorities.

Use Anti-phishing Software 

Businesses can use anti-phishing software to detect and block fraudulent emails. As AI and machine learning gain widespread use, these tools will become more effective at detecting phishing emails.  
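The impersonation signals described under "How Does BEC Work?" can be checked mechanically. This added example (not from the original article, and not any product's logic) triages one raw message for a lookalike sender domain, an executive display name on an external address, a Reply-To mismatch and a failed DMARC result; the organization domain, executive name and sample message are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"   # assumption: the domain being protected
EXECUTIVES = {"jane doe"}    # assumption: names likely to be impersonated

# Constructed sample message; the second Authentication-Results line is a folded header.
SAMPLE = """\
From: "Jane Doe" <jane.doe@examp1e.com>
Reply-To: jane.doe@mail.example.net
To: accounts@example.com
Subject: Urgent payment request
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com;
 dkim=none; dmarc=fail header.from=examp1e.com

Constructed sample body.
"""

def domain_of(header_value):
    """Lowercased domain part of an address header, or '' if there is none."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_message):
    """Return the list of BEC warning signals found in one raw message."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0].lower()
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    signals = []
    if from_domain != ORG_DOMAIN:
        # A near-match to our own domain suggests a registered lookalike.
        if SequenceMatcher(None, from_domain, ORG_DOMAIN).ratio() >= 0.8:
            signals.append("lookalike-domain")
        if any(name in display_name for name in EXECUTIVES):
            signals.append("executive-name-external-sender")
    if reply_domain and reply_domain != from_domain:
        signals.append("reply-to-mismatch")
    # Only trust an Authentication-Results header added by your own mail server.
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                              msg.get("Authentication-Results", "").lower()))
    if results.get("dmarc") != "pass":
        signals.append("dmarc-not-pass")
    return signals

if __name__ == "__main__":
    print(triage(SAMPLE))
```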


Tier3 IT Solutions – your new IT Support Provider in Edmonton  

As the leading IT support company in the area, Tier3 IT offers comprehensive solutions tailored to meet the unique needs of businesses. With our experienced team of skilled technicians, prompt help desk support and proactive approach to IT management, Tier3 IT ensures that your technology infrastructure is in capable hands. From network monitoring and cybersecurity to cloud services and data backup solutions, Tier3 IT has you covered. Experience unmatched reliability and efficiency with Tier3 IT. Contact us today! 

Jesse Hill


When you entrust your business to an I.T. company, it should be more than a contract – it should be a relationship built on the assurance that your I.T. advisors are ready to help in any situation. As the owner of Tier 3 I.T. Solutions, Jesse is familiar with key business operations and strives to assess challenges within businesses and find opportunities for growth. He has a constant curiosity and drive to help cut down on operations costs and take away the frustration of technology. Keeping his customers happy motivates him to develop detailed technological strategies to assist with business development. Jesse knows that technology isn’t the answer for every problem, and strives to bridge the gap between problem solving and implementation of best practices.