Business Email Compromise

Business email compromise (BEC) is a form of cybercrime in which cyber criminals use social engineering tactics to impersonate a trusted executive, vendor, or client via email, tricking an unsuspecting employee into making a fraudulent payment. According to the FBI, BEC attacks have caused over $26 billion in losses since 2016, with small and medium-sized businesses being particularly vulnerable.

In 2019, UK Finance recorded over 122,000 instances of this scam, which cost UK businesses gross losses of £455.8 million, with the figure expected to grow continually over the coming years.


Business Email Compromise (BEC)

Sometimes known as ‘man-in-the-email’ scams or ‘CEO fraud’, BEC tricks employees into providing confidential information or sending money to someone they believe they can trust. Cybercriminals will either hack into the email accounts of the C-suite or the business, or create new ‘fake’ versions of those email accounts that appear to be authentic.

The cybercriminal imposters will often pose as a manager or member of the C-suite and email potential victims in the accounts or finance team with an ‘urgent’ request, for example to send money via wire transfer. This type of threat targets predictable human behaviours and relies on workers being busy, distracted or inattentive. The big challenge businesses face is that most BEC attacks will not be detected by antivirus software, spam filters or other basic cybersecurity measures, because they employ social engineering techniques rather than malicious links or attachments.
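Because these messages carry no malicious link or attachment, screening has to look at who the message claims to be from and what it asks for. The sketch below is an added example, not LoughTec's tooling; the organisation domain, executive names, keyword list and indicator labels are all hypothetical, and it assumes single-part plain-text messages.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumed organisation details (hypothetical values for this example).
ORG_DOMAIN = "example-corp.test"
EXECUTIVES = {"jane doe", "sam patel"}
PRESSURE_TERMS = ("urgent", "wire transfer", "payment", "bank details", "confidential")

def lookalike(domain, real=ORG_DOMAIN, threshold=0.85):
    """True when domain is not the real one but is nearly identical to it."""
    return domain != real and difflib.SequenceMatcher(None, domain, real).ratio() >= threshold

def bec_indicators(raw):
    """Return the BEC indicators found in one raw, single-part email message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    found = []
    if name.strip().lower() in EXECUTIVES and domain != ORG_DOMAIN:
        found.append("executive-name-external-sender")
    if lookalike(domain):
        found.append("lookalike-domain")
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        found.append("reply-to-mismatch")
    # Subject plus body; two or more pressure terms together is the signal.
    text = f"{msg.get('Subject', '')} {msg.get_payload()}".lower()
    if sum(term in text for term in PRESSURE_TERMS) >= 2:
        found.append("payment-pressure-language")
    return found

# Constructed sample messages (not real traffic).
SPOOFED = """From: Jane Doe <jane.doe@examp1e-corp.test>
Reply-To: jd.office@mail-relay.test
To: accounts@example-corp.test
Subject: Urgent wire transfer

I need this payment sent today. Keep it confidential until I am back.
"""
GENUINE = """From: Jane Doe <jane.doe@example-corp.test>
To: accounts@example-corp.test
Subject: Q3 budget review

Agenda attached for Thursday's review meeting.
"""

if __name__ == "__main__":
    print(bec_indicators(SPOOFED), bec_indicators(GENUINE))
```

A message that raises several indicators at once is a candidate for a warning banner or a hold pending verification through a separate channel, rather than automatic rejection.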

Many large businesses and organisations have been compromised in this way, with many others determined to keep the threat behind closed doors.

  • Bank of Ireland suffered an attack in May 2020 which resulted in the theft of €1.4m from one of its Dublin-based subsidiaries.
  • TSB bank suffered numerous cyberattacks during an upgrade in 2018, which resulted in a tsunami of BEC attacks on their customers.
  • Trinity College reported that it had lost 1m to a BEC scam after fraudsters had intercepted emails between the university and vendors. (Many universities and colleges have been targeted throughout the UK and Ireland, resulting in the loss of millions.)

It’s not exclusively the finance or education sectors: every business or organisation is vulnerable to BEC attacks. However, small to medium-sized businesses are the most susceptible, often due to their limited resources and, occasionally, a lack of IT personnel.

How you can protect your business from BEC attack

The consequences of a BEC attack are evident – financial loss, potential legal repercussions, data theft, reputation damage and the loss of customer trust and confidence. You need to take the position that business email compromise is a serious threat to your business and take the following actions:

Education & Training

Do everything in your power to ensure that your employees understand the tactics used in these attacks and also the risks involved. Ask them to be on the lookout for strange or curious requests from leaders within the organisation. Watch out for any quirks in obvious financial processes or efforts by anyone to sidestep normal channels or protocols.

Secure Email Protocols

Ensure that you implement strong email security measures such as two-factor authentication and email encryption. Keep the email system up to date and fully patched.

Limited Access

Limit access to accounts and establish clear financial protocols, such as dual authorisation for amounts over a certain threshold. Make sure all relevant employees are clear on these protocols.

Security Operations Centre

How can the LoughTec SOC protect your business?

The LoughTec SOC is responsible for detecting, analysing and responding to security incidents in real time, delivered through software, technology and (human) security analysts. In addition to 24/7 monitoring and management, the SOC helps organisations maintain security policies and procedures, delivers training and provides regular reports on our customers’ security posture.

Here’s how it works:

Step 1.

No-obligation, no-cost initial consultation to review your current security protocols, potential enhanced requirements and your main concerns.

Step 2.

Deploy the LoughTec System Security Scan for a deep dive on your current cyber posture as well as your threat risk score and analysis.

Step 3.

Review all findings and create our joint cyber security action plan to mitigate the potential risks.

Step 4.

Implement the required tailored cyber improvement plan and resolution actions for your business.

Step 5.

Ongoing LoughTec account management updates with additional training and support tools and plans available.

Our advice to every business is that you need better visibility of your security posture and an understanding of the implications to your business of a data breach, malware or ransomware or any current threat.

Remember, the cyber threat is real and constant – there is a good chance that you have already been hacked. If not yet, you definitely will be. It’s important to know that your network is being monitored 24/7/365 – just like you would for your property or plant.

Cyber protection is an investment, not an expense – the LoughTec SOC can protect your most valuable business assets from as little as £4/day.

For more information and to book a free no-obligation consultation email
or call 0800 158 2337
