Business Email Compromise

Supplementary Guide

Protecting Against Business Email Compromise

What is business email compromise?

Also known as president or CEO fraud, business email compromise generally targets a company's payments team, impersonating a contractor, supplier, creditor or even someone in senior management. The email might appear to be from someone high up in the organization, asking that an urgent payment be made, or from a supplier, requesting that future payments go to a new account. Often it instructs the recipient not to discuss the matter with anyone else.

The sender's email will often be manipulated so it closely matches a known address. Cybercriminals may even hack into and use a real email account, making it even more difficult to identify fraudulent communications.

It's up to your company to verify payment information. Once you authorize a payment to the new account, recovering your funds is very complicated and unlikely.

What are the risks to your business?

  • Significant financial loss
  • Reputational damage

How to defend your business against email compromise

  • Implement a two-step payments verification process that includes a non-email check (such as a phone call or text) with the initiator.
  • Set up your email servers so that email from external sources that claims to be from your domain is blocked.
  • Always use known contact details to follow up an email request for funds – but don't reply directly to the initial email or use the phone numbers or other contact information included in the email.
  • Set transaction limits on your business accounts that are within your risk appetite – and set different limits for different users.
  • Be on alert any time there are changes to a supplier's bank account information and take steps to verify these changes before making payments.
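
The two sender checks described in this guide (external mail that claims your own domain, and an address that closely matches a known one) can be sketched as follows. This is an added example, not part of the original guide; the domain names, the from_external flag (which a mail gateway would set from the connecting host) and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "example.com"  # assumed: your organisation's domain
KNOWN_DOMAINS = {"example.com", "acme-supply.example"}  # assumed: trusted senders


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_inbound(raw: str, from_external: bool) -> list[str]:
    """Return reasons to block or hold a message; an empty list means no finding."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    findings = []
    if not domain:
        findings.append("no-sender-domain")
    elif from_external and domain == OWN_DOMAIN:
        # External source claiming to be from our own domain: block.
        findings.append("external-mail-claims-own-domain")
    elif domain not in KNOWN_DOMAINS:
        # Unknown domain within two edits of a trusted one: hold for review.
        for known in sorted(KNOWN_DOMAINS):
            if edit_distance(domain, known) <= 2:
                findings.append(f"lookalike-of:{known}")
    return findings


# Constructed sample messages: (raw message, arrived from outside the organisation?)
SAMPLES = [
    ("From: CEO <ceo@example.com>\nSubject: Urgent payment\n\nPay today.", True),
    ("From: accounts@acme-supp1y.example\nSubject: New bank details\n\nHi", True),
    ("From: accounts@acme-supply.example\nSubject: Invoice\n\nHi", True),
]

if __name__ == "__main__":
    for raw, external in SAMPLES:
        print(raw.splitlines()[0], "->", check_inbound(raw, external) or "no finding")
```

A message with no finding still needs the non-email verification step above, because a hacked real account passes both checks.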
