Business Email Compromise (BEC) is a class of fraud in which criminals use fraudulent or hijacked email to insert themselves into your business processes, usually to redirect a payment or to extract confidential information.

These fraudulent emails are hard to identify because they arrive from lookalike domains that differ from a government or partner domain by a single character, from a display name copied from a legitimate account, or from the genuine but compromised mailbox of a trusted co-worker. A successful message can trick your business into paying money to the criminal or, worse, hand over private and confidential organizational information that is then used to damage your reputation.


What kinds of phishing are carried out through business email? Several types of fraud and scams arrive this way, each capable of causing significant financial and reputational loss to your organization. Some of the scams most commonly linked to business email compromise are listed below:

1. Invoice fraud, where the criminal sends your customers a legitimate-looking invoice, or a "change of bank details" notice for a real one, so that payment lands in an account the criminal controls.

2. Employee impersonation, where the criminal poses as an employee and asks payroll to redirect that employee's salary to a new bank account.

3. Corporate/organizational impersonation, where the criminal poses as your business to obtain products or payments from your vendors and clients.

4. Government impersonation, where the criminal poses as a legitimate government agency to obtain confidential information about your business.


Detecting phishing emails is difficult because they appear to come from reputable organizations that you already trust. They commonly imitate emails from government departments such as the ATO, Centrelink and myGov; utility companies; financial institutions; police and law enforcement; or multinational corporations such as Amazon, PayPal, Google and Apple.

So how do you protect against phishing emails and avoid business email compromise?

Some of the things that you can do to protect yourself from phishing have been mentioned below:

a. Check the sender's domain name character by character. Lookalike domains swap or add a single letter (a digit 1 for a lowercase l, "rn" for "m") or use a different top-level domain, and the display name is chosen to draw your eye away from the address.

b. Use the scanning services offered by your email and social media providers.

c. Think and check twice before you click a link from an unknown sender.

d. Do not provide any personal information without verifying the source.

e. Use multi-factor authentication so that workers must prove their identity before accessing business email: combine a strong passphrase with something the worker possesses (an authenticator app or hardware token) or something they are (fingerprint or facial recognition). A password alone is not enough, because it is exactly what a phishing page is built to steal.

f. Deploy protective business processes that require workers to validate any new or changed request for payment, or for sensitive information, out of band, for example by phoning the requester on a number already on file rather than one given in the email.

g. Develop and maintain good email authentication controls within your organization: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC). These let receiving mail servers detect and reject messages that forge your domain, and a DMARC policy of "quarantine" or "reject" (rather than the monitoring-only "none") is what actually stops spoofed mail from being delivered.
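The two checks above that can be automated, spotting a lookalike sender domain (item a) and reading the SPF/DKIM/DMARC verdicts a receiving server records (item g), are illustrated by the following Python script. It is an added example, not DWIT's own tooling. It assumes a hypothetical trusted-domain list and a small table of confusable characters, and the three messages and two DMARC records it runs against are constructed for the example.

```python
"""Triage an inbound email for BEC indicators (added example; assumptions noted)."""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, List, Optional

# Assumption: the organization's own domain plus known partner/government domains.
TRUSTED_DOMAINS = {"example.com", "ato.gov.au"}

# Character swaps commonly used to build lookalike domains (illustrative table).
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w", "cl": "d"}


def normalise(domain: str) -> str:
    """Undo common visual substitutions so 'examp1e.com' compares as 'example.com'."""
    d = domain.lower()
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches one-letter additions, deletions and swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr_header: Optional[str]) -> str:
    """Domain part of an address header such as 'Accounts <accounts@examp1e.com>'."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()


def lookalike_of(domain: str) -> Optional[str]:
    """Return the trusted domain this one imitates, or None if it is trusted/unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if normalise(domain) == trusted or edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def auth_results(msg) -> Dict[str, str]:
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers (RFC 8601)."""
    results: Dict[str, str] = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I):
            results[method.lower()] = verdict.lower()
    return results


def parse_dmarc(txt: str) -> Dict[str, str]:
    """Parse a DMARC TXT record, e.g. 'v=DMARC1; p=reject; rua=mailto:...'."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_enforcing(txt: str) -> bool:
    """True only when the policy makes receivers quarantine or reject spoofed mail."""
    return parse_dmarc(txt).get("p", "none").lower() in ("quarantine", "reject")


def triage(raw: str) -> List[str]:
    """Return human-readable findings for a raw RFC 5322 message; empty means clean."""
    msg = message_from_string(raw)
    findings: List[str] = []
    from_dom = domain_of(msg["From"])
    if from_dom.startswith("xn--") or ".xn--" in from_dom:
        findings.append(f"punycode (internationalised) domain {from_dom}")
    imitated = lookalike_of(from_dom)
    if imitated:
        findings.append(f"lookalike domain {from_dom} imitates {imitated}")
    for hdr in ("Reply-To", "Return-Path"):
        other = domain_of(msg[hdr])
        if other and other != from_dom:
            findings.append(f"{hdr} domain {other} differs from From domain {from_dom}")
    auth = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method, "absent") != "pass":
            findings.append(f"{method} did not pass ({auth.get(method, 'absent')})")
    return findings


# Constructed sample messages and DNS records (not real traffic).
SAMPLE_GOOD = """From: Payroll <payroll@example.com>
Return-Path: <payroll@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Subject: Payslip

Your payslip is attached.
"""
SAMPLE_LOOKALIKE = """From: "Accounts" <accounts@examp1e.com>
Reply-To: accounts@examp1e.com
Return-Path: <bounce@mailer.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.net; dkim=none; dmarc=fail header.from=examp1e.com
Subject: Updated bank details for invoice 4471

Please pay this invoice to our new account.
"""
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"

if __name__ == "__main__":
    for name, raw in (("good", SAMPLE_GOOD), ("lookalike", SAMPLE_LOOKALIKE)):
        print(name, triage(raw) or ["no findings"])
    print("weak policy enforcing?", dmarc_enforcing(WEAK_DMARC))
    print("strong policy enforcing?", dmarc_enforcing(STRONG_DMARC))
```

The lookalike message produces four findings: the digit-for-letter domain, a Return-Path on an unrelated domain, no DKIM signature and a DMARC failure. Any one of those should be enough to route a payment-change request to the out-of-band verification step in item f. Note that the `Authentication-Results` header is only trustworthy when it was written by your own mail server; a sender can forge that header too, so a production filter must strip any copy that arrives from outside before adding its own.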

What should you do if your business email is compromised?

By now you are familiar with the ways to protect yourself from business email compromise. If you do become a victim, the damage can still be limited. The steps to follow are listed below:

1. Contact your financial institution immediately and tell them about the scam; a transfer reported quickly can sometimes be recalled.

2. Preserve the phishing email with its full headers and any attachments, and any records of the payment, as evidence for your bank, the authorities and your own investigation.

3. Report the incident to your state government's cybercrime or scam reporting service and to the police, and give them the fraudulent email.

4. Reset the password and verification details for the affected email account, revoke its active sessions, check the mailbox for forwarding or inbox rules the criminal may have added to hide their activity, and notify every stakeholder who might be affected by the scam.

If you require any further assistance regarding business email compromise, or if you find yourself to be a potential victim of this scam, contact our experts at DWIT today to learn how we can help you protect your business.