What it is

Business email compromise is when an attacker gets access to an employee’s email account without their permission, to carry out attacks or scams. 

How it works

The most common way business email compromise happens is when a scammer gets access to an employee’s email password. They can access passwords in a number of ways including:

  • guessing or cracking weak passwords
  • finding passwords in credential dumps from earlier breaches
  • collecting account login details through phishing campaigns.

The risks

Business email accounts usually hold a lot of information about billing cycles and bank accounts, and often have large contact lists. Once a scammer has access to an email account, they can use it for a range of attacks or scams including:

  • invoice scams – these are common and involve sending fake invoices that pretend to come from the business
  • intercepting legitimate invoices and changing the payment details so payments are redirected to the scammer's bank account
  • sending phishing emails to the account's contacts
  • sending malware.

Business email compromise can affect small companies through to large organisations, and result in loss of finances and private information. It can impact both the business and their clients. It can also cause reputational risk.

Protecting your business against email compromise

Always verify emailed payment requests, and any change to bank details, with a text or a call to the person or business who sent you the invoice, using a number you already hold rather than one given in the email.
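The altered-invoice risk above and the verification step in this section can be backed by a simple accounts-payable check. The following is an added example, not code from the original page: it compares the bank details in an emailed invoice against the vendor record the business already holds and holds the payment for out-of-band verification when they differ. The vendor records, invoices and the function names are constructed for illustration. Because a compromised mailbox sends from the genuine address, the check deliberately ignores the sender and looks only at the payment details.

```python
"""Hold emailed payment requests whose bank details differ from the vendor
record on file until someone verifies them by phone or text.
Added example with constructed sample data; not from the original page."""
from dataclasses import dataclass


@dataclass(frozen=True)
class VendorRecord:
    """Bank details the business holds on file for a supplier."""
    name: str
    account_number: str
    sort_code: str


@dataclass(frozen=True)
class EmailedInvoice:
    """Payment details as they appear in an emailed invoice."""
    vendor_name: str
    account_number: str
    sort_code: str
    amount: float


def normalise(value: str) -> str:
    """Strip spaces and dashes so '12-34-56' and '123456' compare equal."""
    return "".join(ch for ch in value if ch.isalnum()).upper()


def check_invoice(invoice: EmailedInvoice,
                  vendor_master: dict[str, VendorRecord]) -> dict:
    """Return 'pay' when the details match the record on file, otherwise
    'hold' with the reasons a person must verify out of band.
    The sender address is not consulted: a compromised mailbox sends
    from the genuine address, so only the payment details are compared."""
    reasons = []
    record = vendor_master.get(invoice.vendor_name.strip().lower())
    if record is None:
        reasons.append("no vendor record on file; verify the supplier before paying")
    else:
        if normalise(invoice.account_number) != normalise(record.account_number):
            reasons.append("account number differs from the vendor record")
        if normalise(invoice.sort_code) != normalise(record.sort_code):
            reasons.append("sort code differs from the vendor record")
    return {"decision": "hold" if reasons else "pay", "reasons": reasons}


# Constructed sample vendor master data (hypothetical supplier)
VENDOR_MASTER = {
    "acme supplies": VendorRecord("Acme Supplies", "12345678", "12-34-56"),
}

if __name__ == "__main__":
    genuine = EmailedInvoice("Acme Supplies", "12345678", "123456", 4200.00)
    altered = EmailedInvoice("Acme Supplies", "87654321", "12-34-56", 4200.00)
    for inv in (genuine, altered):
        print(inv.vendor_name, check_invoice(inv, VENDOR_MASTER))
```

A "hold" result should route the invoice to a person who calls or texts the supplier on a number already on file; the email itself is never trusted as the source of that number.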
