top of page

What is Business Email Compromise (BEC)?

In today's digital world, business communication is often done via email. It offers an easy way to quickly communicate and gives you an online paper trail when it comes to clients/customers, business deals, and more.

Unfortunately, email is one of the biggest targets for cybercriminals. One such threat is known as Business Email Compromise (BEC). It’s a form of phishing attack where a criminal attempts to trick a senior executive (or budget holder) into transferring funds or revealing sensitive information.

Criminals are becoming more sophisticated with how they use BEC so it can be difficult to spot. In this blog we go over what to look out for and how you can prevent yourself from falling victim to this type of scam.

How are business email compromise attacks carried out?

BEC attacks are carried out in several different ways so it’s a good idea to familiarise yourself with the different methods so you can spot a potential attack.

Email spoofing

This is a pretty common one and one we’ve all likely seen or experienced in our personal lives. Attackers create fake email addresses that appear to belong to legitimate organisations or executives. They manipulate the "From" field to mimic trusted individuals within the target organisation, making it difficult for recipients to identify the fraudulent nature of the email.

Social engineering

BEC attackers often do their research when targeting an individual and then employ a sense of panic, hierarchy, or urgency to get the victim to comply. They’ll commonly impersonate executives and employees in order to confuse the victim.

Invoice fraud

Attackers pose as vendors or suppliers and send fraudulent invoices, payment requests, or change of bank details. The invoices look identical to legitimate ones, but the bank account details are altered to divert funds into the attacker's account.

A cautionary example

To show you these methods in action, we’ve got a real example of a company falling prey to BEC.

After attackers gained access to an employee's email, they chose a specific customer of the company and set-up redirect rules to send all emails from them to RSS Feeds. They then sent the customer emails requesting a change of bank details, after which they sent invoices, followed by urgent reminders.

The customer they had targeted was a large household name industry supplier. It’s likely they targeted them in the hope that the company was so big no one would follow up on this change and instead would just action the invoices.

When carrying out this attack, they were very careful to keep fake details as close to the real company’s details as possible. They opened bank accounts in almost the same name, the new details were Company Name Limited whereas the actual company is Company Name, Ltd. The bank even approved the creation of these accounts and wouldn’t take action when contacted by the victim.

The only reason the attack was caught is due to the customer ringing the company to confirm that the bank details were changing. Fortunately, this call alerted the company to the attack, but if the customer had actioned the invoices, no one at the company would have been any the wiser.

So how can you prevent these attacks?

The above example demonstrates just how easy it is to fall victim to one of these attacks and how you can have no knowledge that it’s taking place. Luckily there are steps you can take to ensure this doesn’t happen to your own business.

Educate your employees

This is a simple yet vital step in helping to prevent cybercrime from affecting your business. Employees should be trained to identify suspicious emails, verify the authenticity of requests, and report any suspicious activity promptly. Encourage a culture of enquiry and make sure they understand you’d rather anything that doesn’t look quite right was double checked.

Make sure your emails are secure

This is an obvious one but make sure your email security measures are robust. Use measures such as multi-factor authentication, email encryption, and advanced spam filters to prevent attacks.

Put secure payment processes in place

Establish and follow strict payment verification procedures. Employees responsible for processing payments should be required to verify payment requests through a separate channel, such as a phone call using a number held on file, to confirm that anything to do with payments or bank details is legitimate.

Look at the language that is used

Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like 'send these details within 24 hours'. Attackers will try and encourage you to act in a panic, so you don’t have time to look logically at the request, so it’s important you pay attention to anything that encourages this.

Verify authenticity

Verifying the authenticity of customers, suppliers, etc is essential. Take the time to double check email addresses, attackers will often create email addresses that look very similar but will have minor differences. You can also look at the graphics used in emails. Again, attackers will try to make any logos as similar as possible, but they will often lack the same quality, which can be another indicator of a cyber attack.

Incident report plan

If the worse should happen and you do become a victim of a BEC attack, it’s important you have a response plan in place to minimise its impact. This plan should outline the steps to be taken in case of a suspected or confirmed attack, including notifying relevant stakeholders, isolating affected systems, and engaging law enforcement agencies.

Get in touch today to boost your cyber security and protect your organisation.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page