Business Email Compromise: How to Recognize and Handle

Business email compromise is a highly specific and targeted tactic used in phishing emails for monetary gain. Would you rather learn how to spot one, or cost your company thousands? Hopefully, it’s the former because this blog shares insights into:

  • What is business email compromise?
  • How to recognize business email compromise.
  • 3 steps if you receive a fraudulent email.

What is business email compromise?

We hinted at it above yet let’s dive into what it is and how to recognize business email compromise. Business fraud (also known as CEO fraud or business email compromise) is when a business leader or executive sends an urgent request for an exchange of money with a third party. These requests often correlate to strategic events taking place in their personal or professional lives. Common requests include:

  • Pay unexpected invoice immediately
  • Wire a large sum of money to a third party
  • Buy 100 Apple gift cards from a specific link

In any case, large amounts of money are lost – and not retrievable. Since the monetary value is high, attackers spend time researching targets to create accurate asks that are relevant to operations or correspond to life events.

3 steps if you receive a fraudulent email

There are three best practices to do when you suspect business email compromise.

  1. Use common sense. If it smells like a fish, it is probably a phish.
  2. Do not reply or share any information.
  3. Call the sender directly or start a new email chain to confirm the requested action. It is better to follow up with the individual than to cost the company thousands of dollars.

Remember the goal of most malicious activity is financially based. Those in accounting, HR and management should be aware and educated on business fraud to prevent detrimental attacks. Business email compromise is a real threat, but one that can be minimized through training and simulated attacks. Educate your people, they are the last line of defense, let’s #BeCyberSmart. Ask Brite about KnowBe4’s effective security awareness training.

Scroll to Top