Preventing a Business Email Compromise Attack


Business email compromise (BEC) is a $26 billion problem.  An employee buys gift cards at the behest of the “CEO” and emails out the authorization codes.  A finance employee pays an invoice from a “trusted vendor”.  An HR employee opens a resume from a potential recruit.

Business email compromise can take many different forms, but it ultimately allows threat actors to access legitimate user accounts, enabling them to steal money while staying under the radar. Would you know if a user’s account was hijacked? Here are 5 tips to help you respond quickly to a potential risk:

  • Monitor for Unexpected Behavior 

With the increase in online work due to the pandemic, companies have been relying more heavily on cloud services. These services, such as Office 365, are often insufficiently monitored. Business email compromise is made to look like human activity in order to trick businesses. This makes security on cloud services vital, especially since traditional security measures such as firewalls aren’t able to monitor threatening activity in cloud environments.

  • Get Alerted on the Legitimate Threats That Require Quick Responses

When a threat presents itself, a quick response is crucial; therefore, an experienced and dedicated security staff is vital. There is much at risk when data is compromised, including time, money, and your customers’ trust in your company. A team of security experts should practice active alerting, where they determine when an activity requires immediate attention and response.

  • Have Visibility of Threats 

It is important to have insight into the threats and vulnerabilities that your customers face. A dashboard view should provide you with a profile by customer, client type, or client base. Letting your customers know about the types of threats you often see could mitigate the potential risk.

  • Present Security Findings to Your Customers to Gain Respect

Contracts are often being re-examined, making it important to show your value as a company to your customers. Security is a business-critical effort. When you provide your customers with a report demonstrating how you are protecting them from threats, they will recognize their need for your business.

  • Support Monitoring With Your Existing Team

Make sure your team is well versed in the potential threats of business email compromise. You will need to be able to scale effectively as the move to cloud storage becomes more common. If you do not have current team members who have education and experience in the subject, outsourcing may be a good option. Support from a Security Operations Center, for example, can provide experts at a low cost to your business to allow your team to focus on their tasks without the risk of a security breach.  

Here at Simplicity VoIP, we hope to assist businesses in becoming more knowledgeable about potential threats such as BEC.  For more information on Simplicity’s approach to security, visit our Security webpage today.