
Fact Sheet - Business Email Compromise

Updated: Mar 23

Business Email Compromise (BEC) is a type of email-based fraud in which a criminal sends an email impersonating a business’ CEO/Executive Manager, a business entity, or a colleague, attempting to trick the recipient into paying a fake invoice, buying gift cards, or altering payroll details.


These emails are crafted to appear genuine and do not contain malware, so they often bypass technical cyber security controls.


The emails are either spoofed to appear as if sent by the Manager/vendor/colleague, or are sent from a compromised business email account. The scammer’s initial email may use subject lines such as ‘are you available’, ‘urgent payment needed’, ‘can you do me a favour’, or ‘a request’.


As the email appears to be genuine and urgent, and is often sent from what appears to be an authority figure, the recipient is more likely to comply with the request in the email without questioning it.


Stay safe from BEC


1. If there is a request for bank account changes, do not respond to or action the email from a mobile device. Look at the email from a computer and check the actual email address rather than the sender name.


2. Double-check the sender’s email address. A spoofed email address often closely resembles the legitimate one. For example, a legitimate email address could be jsmith@abc_company.com, while a fraudulent look-alike could be sent from a free email address such as jsmith_abc-company@gmail.com.


3. Check the person’s phone number on your corporate system, or via a reputable phone directory, and contact them to ask for validation of the request.


4. Forward to the email address you know for the person rather than replying to the original sender.


5. If you are an employee and receive a notification about a bank account change you have not authorised, contact your payroll area immediately.
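The checks in points 1 and 2, together with the subject lines listed earlier, can be turned into a simple triage rule for a mailbox or gateway. The following is an added example, not code from the fact sheet or from Demystify Cyber: it assumes a constructed list of the organisation’s genuine domain(s) (abc_company.com, taken from the example above) and a short list of free webmail providers, parses the real address out of the From header, and scores a message on the indicators the fact sheet describes (free webmail sender, company name moved into the local part, a look-alike domain, a display name masking an external address, a known opener subject line, and payment or payroll wording in the body).

```python
import re
from email.utils import parseaddr

# Constructed sample configuration (assumption): the organisation's genuine
# domain(s) and a short list of free webmail providers.
LEGIT_DOMAINS = {"abc_company.com"}
FREE_MAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}

# Opening subject lines the fact sheet lists as typical of BEC first contact.
SUSPICIOUS_SUBJECTS = ("are you available", "urgent payment needed",
                       "can you do me a favour", "a request")

# Requests the fact sheet says BEC emails push for.
PAYMENT_KEYWORDS = ("bank account", "invoice", "gift card", "payroll")


def normalise_domain(domain):
    """Drop case and separators so 'abc-company.com' and 'abc_company.com' compare equal."""
    return re.sub(r"[-_.]", "", domain.lower())


def assess_email(from_header, subject, body):
    """Score a message for BEC indicators.

    Returns (score, reasons): one reason per indicator found, score = len(reasons).
    A score of 0 means the sender domain is genuine and no lure phrases were seen.
    """
    display_name, address = parseaddr(from_header)
    local, _, domain = address.lower().rpartition("@")
    reasons = []

    if domain not in LEGIT_DOMAINS:
        if domain in FREE_MAIL_DOMAINS:
            reasons.append(f"sender uses free webmail domain '{domain}'")
            # e.g. jsmith_abc-company@gmail.com: the company name is moved into the local part
            for legit in LEGIT_DOMAINS:
                company = normalise_domain(legit.split(".", 1)[0])
                if company in normalise_domain(local):
                    reasons.append(f"local part '{local}' imitates company name from '{legit}'")
        else:
            # Same letters as the real domain once separators and case are ignored
            for legit in LEGIT_DOMAINS:
                if normalise_domain(domain) == normalise_domain(legit):
                    reasons.append(f"lookalike domain '{domain}' resembles '{legit}'")
        if display_name:
            # A phone screen shows the display name; the address is what actually matters
            reasons.append(f"display name '{display_name}' shown on external address '{address}'")

    subject_l = subject.lower()
    for phrase in SUSPICIOUS_SUBJECTS:
        if phrase in subject_l:
            reasons.append(f"subject matches BEC opener '{phrase}'")
            break

    body_l = body.lower()
    hits = [k for k in PAYMENT_KEYWORDS if k in body_l]
    if hits:
        reasons.append("body asks about " + ", ".join(hits))

    return len(reasons), reasons


if __name__ == "__main__":
    # Constructed sample messages
    for hdr, subj, text in [
        ("John Smith <jsmith@abc_company.com>", "Q3 figures", "Attached are the numbers."),
        ("John Smith <jsmith_abc-company@gmail.com>", "Urgent payment needed",
         "Please change the bank account on this invoice today."),
        ("jsmith@abc-company.com", "A request", "Could you buy some gift cards for the team?"),
    ]:
        score, why = assess_email(hdr, subj, text)
        print(f"{hdr!r}: score {score}")
        for r in why:
            print("  -", r)
```

The score is only a prompt for the human checks in points 3 and 4 (verify by phone, forward to a known address); a genuine colleague writing from a compromised company account will score zero on the sender checks and only the subject and body rules will fire, which is why the fact sheet’s out-of-band confirmation step is the control that actually matters.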



What to do if you are a victim of cybercrime


• Australia, please report the matter via https://www.cyber.gov.au/report

• UK, please report via report.ncsc.gov.uk

• USA, please report via https://www.ic3.gov/

____________________

Written by A. Turner

© A. Turner 2021 https://www.demystifycyber.com.au/

Provided for general information and education purposes
