Spot commons scams

Business compromised email
Fraudulent email requesting an urgent payment

What is a business compromised email scam?

A business email compromise (BEC) is a scam that attempts to deceive victims into sending money. The fraudulent email appears to come from senior people within your business, clients, employees or supply chain partners requesting urgent payment.

How does this scam work?

There are several ways for attackers to get access to a legitimate mailbox, so they can send these fake emails. Tactics include a password spray, an attack that attempts to access many accounts with a few commonly used passwords, or the use of malware and phishing.

Successful attacks allow fraudsters to intercept emails between two parties by accessing the company’s account or impersonating a client or other firm.

The purpose of these scams is to look as if they come from a genuine sender. When the customer pays the invoice, the money goes straight to the fraudster’s account. Common examples of this scam:

  • A fake invoice from a supplier asking for payment
  • An email connected to a sale of a property, which requests the proceeds of sales funds to be paid to a ‘new’ account
  • An email from an executive asking an employee to make an urgent payment

What to look out for?

  • Be vigilant, check and challenge any requests, even if they come from someone senior.
  • Make sure all staff are aware of this type of fraud and help them to stay vigilant, including the senior directors and CEO. Make sure staff feel able to approach senior people to verify if a request is genuine.
  • Have a documented process for the arrangement of payments. Any requests outside of this process, particularly if they are by email, should be treated as suspicious until verified with the individual directly.

Always think twice and make double checking second nature

Actions you can take