
    What is business email compromise?


    When you're running a business, one of the most frequently used methods of communication is email. It’s fast, efficient, and can be used to send large files. However, so much communication and data being forwarded via email makes it a target for hackers. Think about it: Companies share most of their information, and very often confidential or personal data, through this channel. It’s a cyber hack waiting to happen.

    That’s why taking the proper steps to protect your company’s email account from hackers is essential. To ensure your accounts are monitored, Guardio prevents any data breach that can put your privacy at risk or cause identity theft.

    BEC or Man-in-the-email attacks

    A business email compromise (BEC) attack, or man-in-the-email, is when a hacker gains access to an email account and uses it to send fraudulent emails to other employees or customers from a company. These types of attacks are on the rise, and they are becoming more sophisticated. In 2018, there were over 12,000 reported BEC attacks, and they resulted in over $675 million in losses. The average loss per incident was $140,000.

    Another way hackers commit BEC attacks is by creating an account with a similar email address to one used on the corporate network. They know that the victim would most likely trust any emails coming from what appears to be their coworkers.

    The majority of victims of BEC attacks are employees working in finance. This is because they have access to sensitive financial information and, most of the time, are able to make wire transfers, which the hacker directs to their own bank accounts. Protecting your email addresses with Guardio is the first step to preventing hackers from committing BEC attacks in your company.

    Significant types of BEC scams

    • CEO and attorney impersonation: Hackers take advantage of the authority of high-ranking executives in the company, so they choose to impersonate CEOs or lawyers. In this case, they send emails addressing sensitive company matters to employees in finance, asking them to transfer money into the scammer’s account. These attacks usually occur via email or phone.
    • Fraudulent Invoice Procedure: This attack is very common for firms with foreign suppliers. Hackers impersonate the suppliers and ask for money transfers to pay outstanding debts into the hacker’s bank account.
    • Charge Compromise: The hacker sends invoices to the company’s vendors asking for payment. The payments are then directed to a fake bank account.
    • Information Stealing: Scammers target HR and accounting staff, whom they see as easy prey, to gain access to personal or otherwise sensitive information about employees or executives. This data might be used in the future.

    How can you protect your business from email compromise?

    • Secure mail service: The best way to protect your business from email compromise is to have a secure email service. Guardio can provide you with the security you need to keep your business safe. With Guardio, you can track up to five different email addresses and receive alerts if any suspicious activity is detected. 
    • Implement color coding: To protect against phishing, for example, use different colors for emails sent from employee/internal addresses and emails sent from non-employee/external accounts.
    • Set strong passwords: Having strong passwords is key to protecting your business email accounts from hacks. Also, remember to update or change your passwords frequently. Guardio can alert you when it’s time to do so.
    • Operate Payment Verification: You can set up two-factor authentication for payments. This will ensure additional security. Set a phone verification that may require official company numbers to avoid transferring funds to a hacker's account.
    • Information Leak Monitoring: One way hackers can gain access to your business email accounts is through data breaches. When your data is stolen from a service you use, it might compromise your privacy. Guardio keeps track of past leaks and can notify you at the right moment so that you may respond promptly and prevent identity theft. With just one membership, Guardio may monitor up to five email addresses.
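
The look-alike sender addresses described earlier and the internal/external color coding suggested above can both be driven by one check on the sender's domain. The sketch below is an added example, not Guardio's code: `example.com`, the character map and the two-edit threshold are assumptions chosen for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Assumption: example.com stands in for the company's own mail domain.
INTERNAL_DOMAINS = {"example.com"}
# Constructed, partial map of look-alike characters (digits, Cyrillic a/e/o).
CONFUSABLES = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "5": "s",
     "\u0430": "a", "\u0435": "e", "\u043e": "o"})
MAX_EDITS = 2  # assumed threshold; tune it against your real domain length

def skeleton(domain):
    """Fold a domain to a comparison form so visual tricks collapse."""
    folded = unicodedata.normalize("NFKC", domain.lower()).translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return 'internal', 'lookalike' or 'external' for a From header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "external"
    domain = addr.rpartition("@")[2].lower()
    if domain in INTERNAL_DOMAINS:
        return "internal"
    for real in INTERNAL_DOMAINS:
        if skeleton(domain) == skeleton(real) or edit_distance(domain, real) <= MAX_EDITS:
            return "lookalike"
    return "external"

def tag_subject(from_header, subject):
    """Text equivalent of color coding: prefix mail that is not internal."""
    prefix = {"internal": "", "external": "[EXTERNAL] ",
              "lookalike": "[LOOKS LIKE INTERNAL] "}
    return prefix[classify_sender(from_header)] + subject
```

An "internal" result only means the From header names your domain; it can be relied on only when the mail gateway already enforces sender authentication such as SPF, DKIM and DMARC.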


    Business email compromise is a big concern and risk for all types of businesses. By taking the proper precautions, you can protect your business from these types of attacks. Guardio can help you secure your business email accounts and prevent hackers from gaining access to your sensitive information. With Guardio, you can have peace of mind knowing that your business is protected.


