
    What is business email compromise?


    When you're running a business, one of the most frequently used methods of communication is email. It’s fast, efficient, and can be used to send large files. However, with so much communication and data moving over email, it is an attractive target for hackers. Think about it: Companies share most of their information, and very often confidential or personal data, through this channel. It’s a cyber hack waiting to happen.

    That’s why taking the proper steps to protect your company’s email account from hackers is essential. To ensure your accounts are monitored, Guardio prevents any data breach that can put your privacy at risk or cause identity theft.

    BEC or Man-in-the-email attacks

    A business email compromise (BEC) attack, or man-in-the-email, is when a hacker gains access to an email account and uses it to send fraudulent emails to other employees or customers of the company. These types of attacks are on the rise, and they are becoming more sophisticated. In 2018, there were over 12,000 reported BEC attacks, and they resulted in over $675 million in losses. The average loss per incident was $140,000.

    Another way hackers commit BEC attacks is by creating an account with a similar email address to one used on the corporate network. They know that the victim would most likely trust any emails coming from what appears to be their coworkers.

    The majority of victims of BEC attacks are employees working in finance. This is because they have access to sensitive financial information and, most of the time, are able to make wire transfers, which end up in the hacker’s bank accounts. Protecting your email addresses with Guardio is the first step to preventing hackers from committing BEC attacks in your company.

    Significant types of BEC scams

    • CEO and attorney impersonation: Hackers take advantage of the authority of high-ranking executives in the company, so they choose to impersonate CEOs or lawyers. In this case, they send emails raising sensitive company matters to employees in finance, asking them to transfer money into the scammer’s account. These attacks usually occur via email or phone.
    • Fraudulent Invoice Procedure: This attack is very common for firms with foreign suppliers. Hackers impersonate the suppliers and ask for money transfers to pay outstanding debts into the hacker’s bank account.
    • Charge Compromise: The hacker sends invoices to the company’s vendors asking for payment. The payments are then directed to a fake bank account.
    • Information Stealing: Scammers target HR and accounting staff because they are easy prey when seeking access to personal or otherwise sensitive information about employees or executives. This data might be used in the future.

    How can you protect your business from email compromise?

    • Secure mail service: The best way to protect your business from email compromise is to have a secure email service. Guardio can provide you with the security you need to keep your business safe. With Guardio, you can track up to five different email addresses and receive alerts if any suspicious activity is detected. 
    • Implement color coding: To protect against phishing, for example, use different colors for emails sent from employee/internal addresses and emails sent from non-employee/external accounts.
    • Set strong passwords: Having strong passwords is key to protecting your business email accounts from hacks. Also, remember to update or change your passwords frequently. Guardio can alert you when it’s time to do so.
    • Operate Payment Verification: You can set up two-factor authentication when it comes to payments. This will ensure additional security. Set up a phone verification step, which may require official company numbers, to avoid transferring funds to a hacker's account.
    • Information Leak Monitoring: One way hackers can gain access to your business email accounts is through data breaches. When your data is stolen from a service you use, it might compromise your privacy. Guardio keeps track of past leaks and can notify you at the right moment so that you can respond promptly and prevent identity theft. With just one membership, Guardio can monitor up to five email addresses.
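
The lookalike-address trick described earlier and the color-coding tip above can both be checked mechanically. The following is an added example, not Guardio code: it labels a From header as internal, external, or a near-match of an internal domain. The domain `example.com`, the sample addresses and all function names are assumptions.

```python
from email.utils import parseaddr

# Assumption: the company's own mail domain (constructed value).
INTERNAL_DOMAINS = {"example.com"}
# Visually confusable substitutions folded away before comparing.
DIGIT_FOLD = str.maketrans("0135", "oles")
PAIR_FOLD = (("rn", "m"), ("vv", "w"))


def skeleton(domain):
    """Reduce a domain to a rough visual skeleton (examp1e -> example)."""
    d = domain.lower().translate(DIGIT_FOLD)
    for pair, single in PAIR_FOLD:
        d = d.replace(pair, single)
    return d


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return 'internal', 'lookalike' or 'external' for a From: value."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in INTERNAL_DOMAINS:
        return "internal"
    # One edit away from a real domain after folding = likely imitation.
    for real in INTERNAL_DOMAINS:
        if domain and edit_distance(skeleton(domain), skeleton(real)) <= 1:
            return "lookalike"
    return "external"


def banner(from_header):
    """Subject tag: the plain-text equivalent of color coding."""
    tags = {"internal": "", "external": "[EXTERNAL] ",
            "lookalike": "[EXTERNAL - RESEMBLES INTERNAL] "}
    return tags[classify_sender(from_header)]
```

An exact match on the From domain only means something once the receiving mail server has authenticated the message (SPF, DKIM, DMARC); without that, the header itself can be forged.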


    Business email compromise is a big concern and risk for all types of businesses. By taking the proper precautions, you can protect your business from these types of attacks. Guardio can help you secure your business email accounts and prevent hackers from gaining access to your sensitive information. With Guardio, you can have peace of mind knowing that your business is protected.
