Business email compromise

Business email compromise is when an attacker gets access to an employee’s email account without their permission to carry out a range of attacks or scams. It can impact both the business and their clients. Here’s what you need to know to help secure your business email.

Business email accounts are important to day-to-day operations. They usually hold a lot of information about billing cycles and bank accounts, and often have large contact lists. This information is valuable to your business and it’s also attractive to scammers. If they get access to your business email, they can use it to send emails pretending to be from your business to try and trick your contacts into sharing personal and financial information, or paying bills to their bank account instead of yours.

Business email compromise can affect everything from small companies to large organisations, and result in financial loss and the loss of private information. It can also cause reputational damage.

The most common way business email compromise occurs is when a scammer gets access to an employee’s email password. They can obtain passwords in a number of ways, including:

  • guessing or cracking weak passwords
  • finding passwords in credential dumps
  • collecting account login information through phishing campaigns.

What can happen

Once the scammer has access to the email account, they can use it for a range of attacks or scams including:

  • sending fake invoices pretending to be from the business
  • intercepting legitimate invoices and changing the payment details to redirect payments to their bank account
  • sending phishing emails
  • sending malware.

How to prevent it

There are some simple measures you and your staff can put in place to strengthen your business email security.

  • Add an extra layer of security to your accounts with two-factor authentication (2FA).
  • Use strong, long and unique passwords on all your accounts. Encourage staff to use a password manager to help them remember all their passwords.
  • Don’t give out personal information online, whether on social media or by email.
  • Verify payments with an SMS or call to the person or business who sent you the invoice.

What to look for

Ask your IT provider to monitor your business email and check:

  • auto-forwarding rules on email accounts, especially those relating to accounts receivable
  • auto-filtering rules on email accounts to see if there are any rules that you did not set up
  • email access logs to look for any unusual login behaviour, like a change in login times or logins from unexpected or foreign IP addresses.
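As an added illustration of the three checks above (this is not part of the CERT NZ advisory), the script below runs over constructed sample records loosely shaped like mailbox audit and sign-in logs and flags what an IT provider would want to review: inbox rules that forward outside the business or hide invoice-related mail, and sign-ins from unexpected countries or outside business hours. The domain, expected countries and business hours are assumptions.

```python
from datetime import datetime

# Constructed sample events (not real data), loosely shaped like mailbox audit and sign-in logs.
EVENTS = [
    {"op": "New-InboxRule", "user": "ar@example.co.nz", "time": "2024-03-04T09:12:00",
     "rule": {"ForwardTo": "ar.backup@mail-example.com", "DeleteMessage": True,
              "SubjectContains": ["invoice", "payment"]}},
    {"op": "New-InboxRule", "user": "jo@example.co.nz", "time": "2024-03-04T10:00:00",
     "rule": {"MoveToFolder": "Newsletters", "SubjectContains": ["newsletter"]}},
    {"op": "UserLoggedIn", "user": "ar@example.co.nz", "time": "2024-03-04T03:41:00",
     "ip": "203.0.113.7", "country": "NG"},
    {"op": "UserLoggedIn", "user": "jo@example.co.nz", "time": "2024-03-04T08:55:00",
     "ip": "198.51.100.20", "country": "NZ"},
]
HIDE_WORDS = {"invoice", "payment", "remittance", "bank"}  # subjects a scammer wants hidden

def rule_findings(rule, internal_domain):
    """Reasons an inbox rule looks like BEC persistence: external forwarding, or deleting/moving invoice mail."""
    reasons = []
    target = rule.get("ForwardTo", "")
    if target and not target.lower().endswith("@" + internal_domain):
        reasons.append(f"forwards to external address {target}")
    words = {w.lower() for w in rule.get("SubjectContains", [])}
    if (rule.get("DeleteMessage") or rule.get("MoveToFolder")) and words & HIDE_WORDS:
        reasons.append("hides invoice/payment mail")
    return reasons

def login_findings(event, expected_countries, hours=(7, 19)):
    """Reasons a sign-in looks unusual: unexpected country, or outside business hours (local time assumed)."""
    reasons = []
    if event["country"] not in expected_countries:
        reasons.append(f"unexpected country {event['country']} ({event['ip']})")
    hour = datetime.fromisoformat(event["time"]).hour
    if not hours[0] <= hour < hours[1]:
        reasons.append(f"sign-in at {hour:02d}h is outside business hours")
    return reasons

def review_events(events, internal_domain="example.co.nz", expected_countries=("NZ", "AU")):
    """Return (user, reason) pairs worth a human look, across both rule and login events."""
    findings = []
    for e in events:
        if e["op"] == "New-InboxRule":
            reasons = rule_findings(e["rule"], internal_domain)
        elif e["op"] == "UserLoggedIn":
            reasons = login_findings(e, set(expected_countries))
        else:
            continue  # other audit operations are not part of these three checks
        findings.extend((e["user"], r) for r in reasons)
    return findings
```

On the sample data every finding points at the accounts-receivable mailbox, which is exactly the account the advisory says to watch most closely.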

If you experience business email compromise

If you discover that an email account within your business has been compromised, there are some steps you can take to help reduce the impact:

  • Make sure you change the passwords on all affected email accounts immediately to prevent the scammer from accessing the account and sending any further emails.
  • Set up 2FA.
  • Tell your IT provider.
  • Ask your IT provider to check your system for any installed malware.

Report to CERT NZ

Case study: Business compromise leads to advisory

An IT provider noticed that one of its clients was receiving emails pretending to be from a recognised supplier.

The emails contained fake invoices and were attempting to trick the client into paying the invoiced amount into the attacker’s account.