
What Is Business Email Compromise (BEC)?

Quick Answer

Business Email Compromise is when attackers impersonate trusted people—your CEO, a supplier, a colleague—to trick employees into transferring money, paying fake invoices, or sharing sensitive data. It's fraud through email, not malware.

Quick answer: Business Email Compromise is when attackers impersonate trusted people—your CEO, a supplier, a colleague—to trick employees into transferring money, paying fake invoices, or sharing sensitive data. It's fraud through email, not malware.

How BEC Works

Step 1: Research Attackers study your organisation using LinkedIn, your website and news articles. They learn who's who, who reports to whom, and who handles money.

Step 2: Impersonate They send emails appearing to come from someone trusted:

  • Your CEO asking finance to make an urgent payment
  • A supplier requesting bank detail changes
  • A colleague asking for help while travelling
  • A partner requesting sensitive information

Step 3: Create Urgency "I'm in a meeting, handle this now." "This needs to happen before end of day." "Keep this confidential—don't discuss with others."

Step 4: Profit Money transfers to attacker-controlled accounts. Invoices paid to fraudulent details. Gift cards purchased and codes shared. Data sent to attackers.

Why It's Effective

No malware to detect. These are just emails. No malicious attachments, no suspicious links for security tools to catch.

Exploits trust. You trust your CEO. You trust your suppliers. Attackers exploit that trust.

Exploits authority. People don't question requests from senior executives. Attackers use that deference.

Exploits urgency. When something's urgent, people skip verification steps. Attackers create artificial urgency.

Common BEC Scenarios

CEO fraud Email from "the CEO" to finance asking for an urgent wire transfer. Often timed for when the executive is travelling or out of hours, so the request can't easily be checked in person.

Invoice fraud Email from "a supplier" with new bank details for future payments. The real supplier never sees the money, and the fraud is often only noticed when they chase the unpaid invoice.

Payroll diversion Email from "an employee" to HR requesting direct deposit changes. Salary goes to attacker's account.

Data theft Email from "HR" or "an executive" requesting employee tax and payroll records (W-2s in the US, P60 and payroll data in the UK), customer lists, or other valuable data.

Why Technical Controls Aren't Enough

DMARC helps but doesn't stop everything. It only stops exact spoofing of your own domain. Attackers sidestep it with lookalike domains they own (deadslmplecomputing.co.uk, which passes SPF, DKIM and DMARC for that domain), with an executive's name on a free webmail address, or by compromising a real account at your organisation or a supplier.

Email filtering can't stop legitimate-looking emails. There's no malware or malicious link to detect, just a plausible request in plain language, often sent from a mailbox that passes every authentication check.

Training helps but people still get fooled. Especially under pressure, during busy periods, or when requests seem plausible.

What Actually Works

Verification processes:

  • Callback verification for payment changes (call the supplier on a known number—not one from the email)
  • Dual authorisation for large payments
  • Out-of-band confirmation for unusual requests (pick up the phone, walk to their desk)

Email security:

  • DMARC enforcement (a p=reject policy stops exact spoofing of your own domain)
  • Impersonation protection (flags lookalike domains and executive names on external addresses)
  • External email warnings (banner on emails from outside)

Awareness:

  • Staff trained to recognise BEC patterns
  • Culture where verification isn't awkward
  • Specific training for high-risk roles (finance, HR, executives)

Process discipline:

  • No exceptions to verification for "urgent" requests
  • Written authorisation for bank detail changes
  • Segregation of duties for payments
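To make the limits of the technical controls concrete (the DMARC, lookalike-domain and external-banner points above, and the gap they leave for compromised accounts), here is a small header triage script. It is an added example, not code from the original page or from any product; the organisation domain, executive list, trusted supplier domains and the four sample messages are all constructed for illustration. It shows which of the four common cases header checks can block and which one only a callback can settle.

```python
"""Toy BEC triage on inbound mail headers: what technical checks catch
and what they miss. Added example, not code from the original page; the
organisation domain, executive list, trusted supplier domains and the
four sample messages below are all constructed for illustration."""
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.co.uk"                               # assumed: your own domain
EXECUTIVES = {"jane smith": "jane.smith@example.co.uk"}   # assumed: real exec address
TRUSTED_DOMAINS = {OUR_DOMAIN, "acme-supplies.co.uk"}     # assumed: known partners
MONEY_WORDS = ("bank details", "wire", "transfer", "payment", "gift card")
URGENCY_WORDS = ("urgent", "asap", "end of day", "confidential", "in a meeting")


def skeleton(label: str) -> str:
    """Collapse characters that look alike so 'deadslmple' matches 'deadsimple'."""
    s = label.lower()
    for src, dst in (("rn", "m"), ("vv", "w"), ("1", "i"), ("l", "i"), ("0", "o")):
        s = s.replace(src, dst)
    return s


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (catches typo-squats such as 'supplys')."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the trusted domain that `domain` imitates, or None if trusted/unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def triage(raw: str) -> dict:
    """Flag one message and decide: block, verify out of band, or deliver."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    dmarc = re.search(r"dmarc=(\w+)", msg.get("Authentication-Results", ""))
    body = msg.get_payload().lower()

    flags = []
    if domain != OUR_DOMAIN:
        flags.append("external")                    # drives the external-sender banner
    if dmarc and dmarc.group(1).lower() == "fail":
        flags.append("dmarc-fail")                  # exact spoof of a DMARC-protected domain
    if name.lower() in EXECUTIVES and addr.lower() != EXECUTIVES[name.lower()]:
        flags.append("display-name-impersonation")  # exec's name on a foreign address
    imitated = lookalike_of(domain)
    if imitated:
        flags.append(f"lookalike-of:{imitated}")    # attacker-owned domain, so DMARC passes
    if reply_domain and reply_domain != domain:
        flags.append("reply-to-mismatch")
    if any(w in body for w in MONEY_WORDS):
        flags.append("payment-request")
    if any(w in body for w in URGENCY_WORDS):
        flags.append("urgency-language")

    hard = {"dmarc-fail", "display-name-impersonation", "reply-to-mismatch"}
    if hard & set(flags) or imitated:
        verdict = "block"
    elif "payment-request" in flags:
        verdict = "verify-out-of-band"   # headers are clean; only a callback can settle this
    else:
        verdict = "deliver"
    return {"from": addr, "flags": flags, "verdict": verdict}


SAMPLES = {  # constructed for this example; none are real messages
    "exact_spoof": (
        "From: Jane Smith <jane.smith@example.co.uk>\n"
        "Reply-To: jane.smith.ceo@gmail.com\n"
        "Authentication-Results: mx.example.co.uk; spf=fail dmarc=fail\n"
        "Subject: Urgent payment\n\n"
        "I'm in a meeting. Please wire the payment today and keep this confidential.\n"),
    "lookalike_domain": (
        "From: Jane Smith <jane.smith@exarnple.co.uk>\n"
        "Authentication-Results: mx.example.co.uk; spf=pass dkim=pass dmarc=pass\n"
        "Subject: Quick favour\n\n"
        "Need a transfer sorted before end of day, call me if you must.\n"),
    "freemail_display_name": (
        "From: Jane Smith <jane.smith.ceo@gmail.com>\n"
        "Authentication-Results: mx.example.co.uk; spf=pass dkim=pass dmarc=pass\n"
        "Subject: Are you at your desk?\n\n"
        "Can you pick up some gift cards for a client and send me the codes? Urgent.\n"),
    "compromised_supplier": (
        "From: Acme Supplies Accounts <accounts@acme-supplies.co.uk>\n"
        "Authentication-Results: mx.example.co.uk; spf=pass dkim=pass dmarc=pass\n"
        "Subject: Updated remittance details\n\n"
        "Please note our bank details have changed. Update them before the next payment run.\n"),
}


def triage_all() -> dict:
    """Run every constructed sample through triage; returns name -> result."""
    return {key: triage(raw) for key, raw in SAMPLES.items()}


if __name__ == "__main__":
    for key, result in triage_all().items():
        print(f"{key:24} {result['verdict']:20} {result['flags']}")
```

The first three samples are blocked by header checks alone: the exact spoof fails DMARC, the lookalike domain passes DMARC but matches a trusted domain once confusable characters are collapsed, and the webmail message carries an executive's name on an address that isn't hers. The fourth comes from the supplier's real mailbox and passes everything; the only signal is that it asks to change bank details, which is why the script hands it to the callback process rather than pretending a filter can decide.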

What We Do

Our email security includes impersonation protection—flagging emails that appear to come from executives or use lookalike domains.

We also help clients implement verification processes. Technical controls aren't enough; you need procedures that staff actually follow.
