Business email compromise and the dangers they bring

30 Mar 2023

Business Email Compromise is a tactic developed and adopted by cyber-criminals who aim to defraud small to medium businesses and/or their consumers. In summary, it is when cyber-criminals gain access to the email addresses of businesses and use that emailing platform to pass themselves off as being that business.

How are the emails compromised and who is targeted?

Cyber-criminals gain unauthorised access by stealing or capturing user details through various means by tricking business users to disclose their emails. For example, it may sometimes be the case that cyber-criminals gain access to trusted emails and demand immediate payments to or from suppliers. Another example is when cyber-criminals impersonate a trusted supplier, or personnel in the business, and demand or “authorise” immediate payment to be made to a certain bank account.

Because of the impersonation and/or the emails which appear to look trustworthy, the fraudsters are able to cause money to be paid to themselves. For this reason, the ideal target for fraudsters has been small to medium businesses.

What are the possible dangers of Business Email Compromise?

Fraudulent misrepresentation leading to financial losses is one of the most obvious consequences. However, Business Email Compromise may also cause leaks of personal information of persons who interacted with the compromised email, which gives the fraudster access to other persons’ accounts, profiles or the like. As one can imagine, the consequences of the latter can lead to social breaches and even reputational damages.

How to detect if you are a victim of a possible Business Email Compromise attack

The clearest indicator of a Business Email Compromise attack is any bizarre emailing behaviour. For example, if you notice that there are unfamiliar activities in your sent box or spam box, someone may have compromised your email address. Another indication is if you receive various complaints about emails which you or your company has allegedly sent, or if you lose access to your email or profile because the password does not seem to match the email.

Conclusion

Exercising due diligence is central to protecting yourself. It is advisable that you train your staff to detect suspicious emails or requests. It is vital to be careful of your online security as you would your home. If you have fallen victim to the cyber-crime of Business Email Compromise, it is advisable that you take immediate action and report the activity to your nearest police station for investigation.

Written by Yasmina Poudja Griesel, candidate attorney at SchoemanLaw Inc.

See also:

• Don’t become a victim of cybercrime and EFT fraud…again!
• Cybercrime: Business email compromises
• The role of directors in the age of cybercrime
• Dealing with fraud as a result of identity theft

(This article is provided for informational purposes only and not for the purpose of providing legal advice. For more information on the topic, please contact the author/s or the relevant provider.)