
How to Prevent Business Email Compromise Attacks

John Wilson October 8, 2021 BEC, Email Security

How can you prevent business email attacks? Is training enough? We’ll walk you through solutions and tips to protect your enterprise email from these attacks.

Why is business email compromise such a problem?

Business email compromise (BEC) attacks are sophisticated scams that target specific individuals with believable emails asking for funds to be transferred. These attacks can cost a company thousands, if not millions, of dollars a year.

Why BEC Attacks Are So Dangerous

While ransomware attacks make it on the nightly news, BEC goes largely unnoticed in the mainstream media. But according to a recent FBI report, Business Email Compromise (BEC) crimes were the most financially devastating type of cyberattack, accounting for nearly $1.8 billion in losses.

These types of attacks are successful because they specifically target companies that deal regularly with international wire transfers in large sums. Unlike random phishing attempts that send out indiscriminate messages, BEC scams are highly targeted, making them considerably more dangerous.

Business Email Compromise Examples

BEC attacks leverage a combination of phishing and social engineering tactics to trick authorized staff into wiring money to the scammer. These targeted attacks often take considerable time to plan and can be tough for the untrained eye to spot.

BEC scams can take many different forms, making them difficult to consistently identify. Let’s take a look at six of the most common types of BEC fraud.

Fake Invoice

Scammers send a fake invoice pretending to be a trusted vendor or partner. They often use lookalike domains to closely resemble a known vendor of the target company. The fake invoice contains incorrect account information resulting in funds being routed to the attacker.

In some cases, the invoice can also contain a keylogger, where the attacker will steal financial information by leveraging spyware if the initial scam fails.

Fake Account Update

Attackers use phishing messages pretending to be a known partner of a third-party vendor with the company. These crimes are usually directed towards the accounting department or human resources.

The victim believes this to be the real person and updates their banking information to the attacker’s account. This tactic is also used to impersonate employees, where the attacker contacts the HR department and requests that their direct deposit information be updated to the attacker’s account.

Transaction Attacks

Scammers can exploit insecure email communications to “listen” in on messages pertaining to large transactions, typically in the legal or real estate industry. They leverage this collected information and message the victim from a spoofed address claiming that the account details need to be updated.

This fraud usually happens right before a transaction is going to take place and occurs towards the end of the day. The scammer will often send the fraudulent request from an account that looks similar to the legitimate payee’s account.

Gift Card Scams

Fraudsters use whaling techniques to impersonate a CEO or high-level executive within an organization, and pressure other staff members to purchase gift cards. These scams usually claim the gift cards are for employee rewards, parties, or raffles.

The attacker asks the victim to read them the number on the back of the card, so they can sell those cards online in exchange for cash or cryptocurrency. Gift card scams can occur via email but have become increasingly common via text message.

Advanced Payment Scam

After studying the target company, attackers will impersonate a known vendor and request advanced payment on a service or goods that were previously not required. The attacker may use fake quotes, invoices, or other documents to support their payment request.

Accounts Receivable Scam

This attack impersonates a high-level staff member within the organization and makes an internal request for old accounts receivable reports. Once the attacker has these reports, they use this information to attempt to collect the debt owed through another phishing scam.

How to Prevent a BEC Attack

The best way to combat BEC attacks is to prevent them in the first place. Here are a few of the best ways to protect yourself from these scams.

Implement DMARC Protection

Using DMARC authentication for your domain drastically reduces your organization’s exposure to phishing messages, spoofing attempts, and fraud. DMARC is completely free to set up and helps validate your messages while protecting your business against impersonation.

DMARC uses two components to protect your domain. First, an SPF record is used to help others know what server your email should be coming from. Second, DKIM email authentication validates your messages to combat spoofing attempts.
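
How a receiving server combines SPF and DKIM results under a published DMARC policy, as an added Python example (not code from this post or from Agari). The record, domains and check results are constructed; the organizational-domain shortcut is a simplification, and the `pct` and `sp` tags are ignored.

```python
def parse_dmarc(txt):
    """Split a DMARC TXT record (';'-separated tag=value pairs) into a dict."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain):
    # Simplification (assumption): treat the last two labels as the
    # organizational domain. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(record, from_domain, spf, dkim):
    """spf and dkim are (passed, authenticated_domain) tuples from earlier checks.

    Returns 'pass', the published policy ('none', 'quarantine', 'reject')
    when the message fails, or 'no-policy' if the record is not valid DMARC.
    """
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return "no-policy"
    # A passing SPF or DKIM check only counts if its domain matches the
    # domain the user sees in the From header.
    spf_ok = spf[0] and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim[0] and aligned(dkim[1], from_domain, tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else tags["p"]


# Constructed sample record: example.com asks receivers to reject failures
# and requires an exact DKIM domain match (adkim=s).
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s"
```

A message whose SPF and DKIM checks both pass for some other domain still fails DMARC for `example.com`, which is what stops exact-domain spoofing; lookalike domains are outside DMARC's reach.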

Use Internal Account Controls

Internal policies and procedures can drastically reduce the risk of BEC, especially when dealing with wire fraud. Review or create procedures for staff members before they move money, change account details, or send sensitive information.

Deploy Phishing Training

Phishing campaigns can help train all staff to identify suspicious messages by sending “test” phishing messages to their inbox. This strategy combined with continuous education can help reduce the risk of BEC while improving the overall security posture of the company.

Flag Emails as External

Email administrators can create a rule on their mail server that tags emails as external. This helps staff easily identify when a message is coming from somewhere outside of their organization, without having to study the “From” field.
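
A sketch of such a tagging rule, as an added Python example (not code from this post or any mail product). It goes slightly beyond a plain external tag by also labelling lookalike and spoofed internal sender domains; `INTERNAL_DOMAINS`, the `arrived_from_outside` flag and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organization's own domains


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of our domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def tag_message(raw, arrived_from_outside):
    """Return the Subject a user would see after the tagging rule runs.

    arrived_from_outside is decided by the gateway from the connection
    (hypothetical flag), never from the From header, which the sender controls.
    """
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    if not arrived_from_outside:
        return subject
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in INTERNAL_DOMAINS:
        # Came in from the internet but claims to be one of us.
        label = "[EXTERNAL: claims internal sender]"
    elif any(edit_distance(domain, d) <= 2 for d in INTERNAL_DOMAINS):
        label = "[EXTERNAL: lookalike domain]"
    else:
        label = "[EXTERNAL]"
    return f"{label} {subject}"


# Constructed sample messages.
LOOKALIKE = "From: Pat Lee <pat.lee@examp1e.com>\nSubject: Updated bank details\n\nHi"
VENDOR = "From: billing@supplier.test\nSubject: Invoice 1042\n\nHi"
SPOOFED = "From: ceo@example.com\nSubject: Gift cards\n\nHi"
```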

Multi-Factor Authentication

Multi-Factor Authentication (MFA) can help add an additional layer of email protection to your organization. MFA works by only allowing authentication when a secondary device is used in conjunction with a username and password. This helps prevent fraud even when credentials are stolen.

How to Report Business Email Compromise

If you believe you are the victim of a BEC scam, contact your bank or provider immediately to prevent further compromise. Contact your IT administrator with details of the message. Quickly contacting your IT department can help them prevent future compromise in the organization.

If you have been sent a fraudulent message, there are a few simple steps you can take to report BEC.

1. Forward the message directly to the FTC at If the message was a text, you can forward it to SPAM (7726).

2. Report the attack by visiting Reporting BEC helps the FTC stop future fraud and accurately forecast threat trends.

The Agari Advantage

Agari offers a proactive solution to combat email threats using DMARC and advanced phishing protection. The system uses both signature-based security and behavioral analysis to stop malicious files and phishing attempts at the same time.

Predictive analytics identifies new threat trends as they emerge by proactively scanning trillions of messages. As new threat patterns are identified, they are automatically applied to your threat database, ensuring even the newest types of attacks are thwarted.

No matter where your email is hosted, Agari offers a wide variety of integrations into platforms like Office 365, Microsoft Exchange, and Gmail. Setup is simple and doesn’t require any downtime, meaning no missed emails during onboarding.

If you’re looking to protect your company from email-based attacks, Agari’s Advanced Email Security can help. Sign up for a free trial to see the difference Agari can make in your inbox.


