Home Online Security Business Email Compromise

Cyber-attacks have increased steadily in recent years. With criminals constantly devising new ways to steal information and money, one of the newest emerging threats is Business Email Compromise

Also known as:

  • CEO Fraud
  • Chairman Fraud
  • President Fraud
  • Imposter email
  • Payment redirection
  • Whaling attack

How Business Email Compromise works

A fraudster emails a company's payments team, impersonating a contractor, supplier, creditor or even someone in senior management. The email might appear to be from the CEO, asking that an urgent payment be made, or from a supplier, requesting that future payments go to a new account. Often it instructs the recipient not to discuss the matter with anyone else.

Since the sender's email closely matches a known address, this type of fraud often goes unnoticed until it’s too late. Cybercriminals may even hack into a real email account - from which fraudulent communications are hard to identify.

Your information is valuable

The scam can appear even more convincing if thieves obtain information about a company's leaders and finance team, for example from the firm's website.

Social media posts may also tell them when senior staff are away from the office at meetings or conferences. Fraudsters see that as an opportunity to send their emails because it's difficult for the recipient to check whether the request is genuine.

Risks to your business:

  • Significant financial loss
  • Reputational damage

How to help keep your business safe:

  • Make sure your employees are aware of this type of fraud.
  • Implement an internal two-step payments verification process that includes a non-email check with the requester.
  • Phone the requester using a verified phone number to follow up an email request.
    • DON’T reply directly to the initial email.
    • DON’T use any phone numbers or other contact information included in the email.
  • Check email addresses match your internal records exactly.
  • Be on guard for payment requests that are unexpected or irregular, whatever the amount involved. If in doubt, don't make the payment.

If you suspect you have been the victim of fraud, contact your DSBC representative immediately.