Stop! And think, before you act

Posted June 20, 2023

How often do you hastily respond to an email without truly contemplating its contents?

Maybe it’s a routine inquiry or a simple invoice payment request. Seemingly mundane tasks. However, little do you know that by simply clicking “send,” you’ve fallen prey to a Business Email Compromise (BEC) attack.

A BEC attack occurs when a cybercriminal gains unauthorized access to your business email account and cunningly deceives your employees, customers, or partners into sending them money or sensitive information. They accomplish this by assuming the identity of a trusted senior figure within your organization.

One might assume that such attacks exclusively target large corporations, but that’s far from the truth.

According to the FBI, small and medium-sized businesses are equally susceptible to BEC attacks, just as their larger counterparts. In fact, over the past few years, these attacks have inflicted financial losses exceeding £20 billion on businesses.

Regrettably, recent findings from Microsoft indicate that these attacks are becoming more malicious and increasingly challenging to detect.


Now, the question arises: What steps can you take to safeguard your business against BEC attacks? Here’s the advice we offer at UpTech Ltd:

  1. Empower your employees through education: Your employees serve as the frontline defense against BEC attacks. It is crucial to equip them with the knowledge necessary to identify phishing emails, suspicious requests, and counterfeit invoices. Regularly train them on cybersecurity best practices, such as utilizing strong passwords, implementing multi-factor authentication, and practicing secure file sharing.
  2. Harness advanced email security solutions: Basic email protections like antispam and antivirus software are no longer sufficient to combat BEC attacks. To effectively detect and prevent these threats in real-time, you require advanced solutions that employ artificial intelligence and machine learning. Seek out email security providers offering features like domain-based message authentication, reporting, and conformance (DMARC), sender policy framework (SPF), and DomainKeys Identified Mail (DKIM).
  3. Establish transaction verification procedures: Prior to transferring funds or sensitive information, establish a verification process that validates the authenticity of the request. This might entail a phone call, video conference, or face-to-face meeting. Relying solely on email to authenticate such requests is ill-advised.
  4. Monitor your email traffic: Regularly scrutinize your email traffic for any anomalies or unusual patterns. Be vigilant for indicators such as unfamiliar senders, atypical login locations, alterations to email settings or forwarding rules, and unexpected emails. Ensure that you have a well-defined protocol in place for promptly reporting and responding to any suspicious activity.
  5. Maintain up-to-date software: Always ensure that your operating system, email software, and other applications are running the latest versions. These updates often contain crucial security patches that address known vulnerabilities.

BEC attacks are proliferating in both frequency and sophistication. However, armed with the right knowledge, training, and security solutions, you can fortify your business against these threats.

Do not wait until it’s too late – seize the opportunity today to safeguard your business.

Should you desire further insights on safeguarding your business from cyber threats, our dedicated team stands prepared to assist you. Contact us at today