Business Email Compromise

October 18, 2018 / GuidesFor Team

Business Email Compromise: How To Protect Yourself from Its Threat

Business email compromise is an emerging scam that appears to be more dangerous than your usual phishing attack. First, it is carefully targeted at executives and decision-makers. Second, cyber hackers use this strategy to obtain huge amounts of money. Third, the information crafted in the email attacks has been thoroughly researched and written that it’s almost hard to distinguish them from the real email addresses of the persons they are impersonating.

That’s the key element to remember about business email compromises. They impersonate VIP’s like your CEO, CFO, your immediate boss, and your favorite client in order to galvanize you into action. They usually are ordering you to click on another link where you can transmit considerable funds for a supposed important operation. They address you by name and make references to joint activities that you and your VIP do together. That’s why when this email comes in, supposedly from the VIP or the highest-ranking person above your chain of command, you don’t think twice about obeying their instructions. That’s when fraud happens, resulting in your organization getting robbed.

Phishing looks sloppy by comparison as it usually comes across as a generic email that is sent to almost everybody. It also just asks you to click on a link which may not be urgent and which you must might postpone doing. That’s not the case with business email compromise. Its message is masked as urgent and your boss (or higher-up) is in  a make-or-break situation. It’s hard to say ‘no’ to this kind of instruction and that’s what the thieves are counting on.

According to eWeek, corporate America has lost $5.3 billion to business email compromise attacks and the numbers are still rising.

Fortunately, while the strategy is smart and the attack is relentless, business email compromise is still far from being infallible. All it will take for you to spot and prevent it is exercising your observation processes and placing a restraint on your instinct to hit the ‘reply’ button.

Trend Micro gives the following tips that will stop you from becoming a casualty of this kind of scam:

Always be suspicious of any urgent or emergency email that asks you to transmit or send funds, especially if they are scaling up into thousands of dollars. Seek verification from the person who is supposedly instructing you to do so (and who the hacker is impersonating). For example, if your boss is out of town on business and you suddenly get an email asking you to wire him $50,000 ASAP, it wouldn’t hurt to contact him to double-check. Avoid using email because the hacker can trace this. Use more secure methods like private messengers or text messages. Calling him personally and clearing things with him might be the most effective way.

If the VIP can’t be reached, get a second opinion from another person who is also a higher authority, like the Chief Finance Officer or the Accounting Head.

Double-check the email address of the sender who just sent your request. Take a good look at your list of contacts and compare the VIP’s address on your list with that in the current email. Sometimes, all it takes is one false letter to reveal the scam. For example, your VIP’s email address is, but the email address that has that urgent message spells That’s a red flag right away.
Employ email security solutions. It would serve you and your organization well to deploy these automated security software that acts as your first line of defense. Email security solutions scan dangerous attachments, pick up anomalies, and can detect all those red flags that characterize a business email compromise, and which you just might miss.

Posted In: