Business Email Compromise

Business Email Compromise

Here at Infinity Computer Systems, we are committed to online security and helping our customers protect their businesses against fraud and theft. One of the ways we do this is by keeping you informed of emerging trends and threats among cybercriminals and fraudsters.

Business Email Compromise: A Growing Online Security Threat

A business email compromise happens when a fraudster sends an email to your company’s payments team impersonating a contractor, supplier, creditor or even someone in your senior management. For instance, the payments team may receive:

  • An email appearing to be from the CEO asking that an urgent payment be made. This is often accompanied by a request for secrecy, directing the recipient not to discuss the matter with anyone else.
  • An email or forged letter from a supplier advising that their account numbers have changed, and instructing all future payments be sent to the new account.

In either case, it can be difficult to detect this type of fraud since cybercriminals make the sender’s email address appear to be the same as a known email address. Fraudsters may even hack into the actual email account of a particular user and send the email directly from there.

How You Can Take Action

Start by making your payments team and/or relevant staff aware of this type of fraud so they can be looking out for it. In addition to this:

  • Implement payments security that includes a two-step verification process, which involves contacting the sender via an alternative method (e.g., phone, instant message).
  • Always use known contact details to follow up.
    • Don’t reply directly to the email.
    • Don’t use any phone numbers or other contact information included in the email.

If you have any questions, please contact us.