Reducing Business Email Compromise Risks

Craig Atkins • November 9, 2022

Take a read to find out how to reduce your risk of business email scams.

REDUCING BUSINESS EMAIL COMPROMISE RISKS  

 

 

You’ve probably heard the classic business email compromise (BEC) scam about foreign princes who want to deposit money in people’s bank accounts but first need their prey to send them money to make it all work to plan. It’s an oldie but a goodie. Unfortunately, it’s also one that keeps reinventing itself along with another batch of unwitting victims. In fact, it happens so often, BEC scams currently outdo ransomware as the most damaging cyberattack in the world. 

 

In fact, according to the FBI’s Internet Crime Complaint Center (IC3), in 2021, losses from BEC exceeded $2.4 billion. Using tactics that play off real-time world events, such as COVID or the trust of established interpersonal relationships, criminal elements have managed to stay ahead of the good guys with increased sophistication and swiftness. 

 

  • Healthcare providers deceived by criminals posing as trusted vendors with access to much-needed personal protection equipment 
  • A large social media firm handed over personal payroll information about employees to an individual they thought was their CEO 
  • A non-profit organization was fooled into transferring a large loan to a business partner right into the hands of the threat actor   

 

To protect yourself and your business from these types of attacks, employee education is essential. For example, if someone in your accounts payable department receives an email from a business partner requesting you alter established wire transfer information, be sure your staff is trained to recognize the request as a red flag and confirm directly with their point of contact details of the change. It seems second nature, but when people are busy and working against deadlines, it’s easy to miss a well-disguised ruse.   

 

From a defence in-depth perspective, it’s also essential to ensure you have a layer of threat detection in place to help identify malicious behaviour, alert of the threat, and inform the correct response and remediation measures. This would include: 

 

Monitoring for anomalous behaviour, both on-premises and in the cloud  

BEC threats rely on looking like normal user activity. With an increase in remote work, companies are relying more on cloud services like Microsoft® Office 365® which puts data into a complex environment that's often under-protected. Once threat actors can get access to Office 365, getting to the juicy data is just a few clicks away. Traditional perimeter security tools, such as firewalls, aren’t able to monitor suspicious activity in cloud-hosted applications like Office 365, SharePoint, or OneDrive. The same applies to monitoring of your endpoints for suspicious activity. If a threat actor slips past perimeter defence and acquires user credentials, it will be difficult to identify threats that appear as typical activity. 

 

Having the right IT Support

Having a pro-active IT Support provider means your cybersecurity environment is being monitored constantly. Automatic alerts are sent to your provider if something suspicious happens, meaning they can investigate straight away, before you even know something has happened!


 

While there are many aspects to improving your defence in-depth, the following from the FBI act as good and effective tips to share with employees to help elevate everyone’s awareness of how to avoid business email compromise attacks.  


  • Be sceptical—Last-minute changes in wiring instructions or recipient account information must be verified. 


  • Don't click it—Verify any changes and information via the contact on file—do not contact the vendor through the number provided in the email. 


  • Double check that URL—Ensure the URL in the email is associated with the business it claims to be from.


  • Spelling counts—Be alert to misspelled hyperlinks in the actual domain name. 


  • It's a match—Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s email address appears to match who it's coming from. 


  • Pay attention—Often there are clues with business email compromise, for example:


- An employee who does not normally interact with the CEO receives an urgent request from them 


- Data shows an employee is in one location at 1 p.m. but halfway around the globe 10 minutes later


  • Active activity from an employee who is supposed to be on leave 


  • If you see something, say something—If something looks odd, report it to your managed service provider (us!).





To learn more about business email compromise threats and defence against them, give us a call and let’s discuss. 


Join Our Mailing List

All sign-ups are handled inline with our privacy policy and can unsubscribe at any time.

IT Support Services
Cybersecurity Deep-Dive
IT Cloud Migration Service

Recent Blogs

Photo of Craig Atkins with the Event title and Date written next to him

Join our exclusive AI Security Roundtable

By Jess Dugdale June 17, 2025
In a world where AI is changing how we work and compete, security is more important than ever. We are gathering industry leaders and AI experts for a special roundtable event. This event will focus on a key topic: AI security.
AI image of a team of people working at a desk looking at devices. Microsoft 365 logo is shown

What Does Microsoft 365 Business Basic Include?

By Craig Atkins June 5, 2025
Microsoft 365 Business Basic offers a range of cloud-based services designed to empower businesses to work smarter and more efficiently. Let's delve into what this package includes and how it can benefit your organisation.
AI image of two office workers looking at each other. The words DMARC,

Join Our Upcoming Webinar on DMARC with Experts Elliot Wilkie and Craig Atkins

By Jess Dugdale June 2, 2025
We’re excited to announce an informative webinar featuring Elliot Wilkie from Brigantia and Craig Atkins from 1-Fix, diving deep into the world of DMARC on 8th July at 2 PM . This is an essential session for anyone looking to secure their email communications, understand DMARC compliance, and enhance their email deliverability.
AI image of a group of people working and looking at one screen in the middle.

7 Key Benefits of Using Office 365 for Business

By Jess Dugdale May 30, 2025
Businesses are constantly seeking ways to enhance productivity, collaboration, and security, all whilst managing costs effectively. Microsoft Office 365 presents a comprehensive solution that caters to these needs. Here’s a breakdown of the seven key benefits of using Office 365 for your business.
Paper cut outs of hands with hearts on them

Important Changes for Nonprofits: Microsoft 365 Business Premium Licenses Discontinued

By Craig Atkins May 21, 2025
In recent news from Microsoft, there’s significant information affecting charity organisations that rely on Microsoft 365 for their everyday operations. Microsoft has announced that it will be discontinuing the Microsoft 365 Business Premium grant, which currently provides 10 free licenses to nonprofits, with termination slated for March 8, 2026 . Therefore, charities currently benefitting from this grant must prepare for upcoming changes.
AI image of a work team on a desk working on computers with the Microsoft Office 365 logo on

Why should businesses migrate to Microsoft Office 365?

By Lee Dugdale-Shutts May 12, 2025
Staying efficient and connected has never been more important for businesses. With the increasing demand for remote work solutions and collaborative tools, migrating to Microsoft Office 365 is becoming an essential strategy. In this blog post, we’ll explore the many benefits of Office 365 migration, how 1-Fix can assist you in the process, and how swift and seamless this transition can be.
Show More