Facts About Business Email Compromise Attack




In my previous article, I talked about some of the facts you need to know about phishing in a network security environment. In this article, I will cover what you need to know about Business Email Compromise fraud.


Let’s delve into phishing, spearphishing, whaling, CEO fraud and Business Email Compromise. Cybercriminals craft legitimate-looking emails that encourage people to take action, such as clicking a link or opening an attachment. At first glance, these emails look like they come from an authentic financial institution, e-commerce site, government agency or any other service or business.


These attacks collect personal, proprietary, and financial information, and can infect your machine with malware and viruses. Often, hackers use domain-spoofing techniques. Their messages masquerade as coming from a sender that you may know, in an effort to get you to supply sensitive information, such as your login credentials, account numbers and credit card numbers, or to make money transfers. Because these emails look as if they legitimately come from sources you trust, it can be hard to tell that they are fake.


Cybercriminals rely on email to launch attacks because it continues to work. These emails are appealing and believable because they look similar to a real request. To be successful, an attack must trick users. To protect yourself, be suspicious of any communication that directs you to take an action, no matter how official it appears. Remember to pause and look for clues to determine whether it is fake. For example, does the bait look “phishy” to you? One example is a high-profile person who received an urgent email saying he must change his password, and, well, he clicked the link in that email.


One thing you need to remember is this: stop and hover over every link before you click! If you take a moment to hover your mouse over the link, you will see the true destination of that link. This is a significant clue for determining whether an email is legitimate.


For example, if you get an email that appears to come from your bank saying there is a problem with your account and that you must log in to a website to correct the problem by clicking a link, do not click. Instead, open an up-to-date browser and manually type the web address to see what is happening.


If you receive an email that requests the movement of money, such as payment of an invoice, even if it is from someone you know, we recommend that you use another form of trusted communication to verify that the message is legitimate before taking any action. Also, carefully check the email address. Just because a message says it is coming from the name of a person you know or trust, it does not mean that the email is from that person.


Phishing attacks are sent to a wide audience, whereas spearphishing, whaling, CEO fraud, Business Email Compromise and even vishing are directed towards specific individuals or business roles. Research shows that these attacks are effective 91% of the time.


If an attacker is interested in breaking into a particular organisation, they might use a personally crafted email or a targeted phone call, seemingly from a source internal to that organisation or from a vendor that the organisation does business with and trusts.


Many times, these fake communications appear as a direct message from your boss or one of the executives. If you are suspicious, even if the details appear to be accurate, do not respond.


Hover your mouse over links to check their true destination, and check for spelling and grammar errors. To be safe, never transfer money, divulge sensitive information, or grant special access without first double-checking with an alternate trusted source.


Social engineers are experts at impersonating legitimate sources, manipulating human nature to trigger an emotional response, and enticing you to skip normal security protocols. Don’t fall for it.


When it comes to cybersecurity, knowledge is power. By implementing the actions you can take, you can avoid common traps. Be cyber-safe out there.


Action Point

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.




About Adeniyi Salau 889 Articles
I am an IT enthusiast and a man of many parts. I am a Certified Digital Marketer, Project Manager and a Real Estate Consultant. I love writing because that's what keeps me going. I am running this blog to share what I know with others. I am also a Superlife Stem Cell Distributor. Our Stem Cell Products can cure many ailments.
