Business Email Compromise (“BEC”) is a new tactic developed and adopted by cyber-criminals who aim to defraud small to medium businesses and/or their consumers. In summary, it is when cyber-criminals gain access to the email addresses of businesses and use that emailing platform to pass themselves off as being that business. 

How are the emails compromised and who is targeted?

Cyber-criminals gain unauthorised access by stealing or capturing user details through various means by tricking business users to disclose their emails. For example, it may sometimes be the case that cyber-criminals gain access to trusted emails and demand immediate payments to or from suppliers. Another example is when cyber-criminals impersonate a trusted supplier, or personnel in the business, and demands or “authorise” immediate payment to be made to a certain bank account.

Because of the impersonation and/or the emails which appear to look trustworthy, the fraudsters are able to cause money to be paid to themselves. For this reason, the ideal target for BEC fraudsters has been small to medium businesses.

What are the possible dangers and of BEC?

Fraudulent misrepresentation leading to financial losses is one of the most obvious consequences, however, BEC may also cause leaks of personal information of persons who interacted with the compromised email, which gives the fraudster access to other persons’ accounts, profiles or the like. As one can imagine, the consequences of the latter can lead to social breaches and even reputational damages.

How to detect if you are a victim of a possible BEC attack:

The clearest indicator of a BEC attack is any bizarre emailing behaviour. For example, if you notice that there are unfamiliar activities in your sent box or spam box, someone may have compromised your email address. Another indication is if you receive various complaints about emails which you or your company has allegedly sent, or if you lose access to your email or profile because the password does not seem to match the email.


Exercising due diligence is central to protecting yourself. It is advisable that you ensure that you train your staff to detect suspicious emails or requests. It is vital to be careful of your online security as you would your home. If you have fallen victim to the cybercrime of BEC, it is advisable that you take immediate action and report the activity to your nearest police station for investigation.