How Small Businesses Fall Victim to BEC Scams


Small businesses are susceptible to Business Email Compromise (BEC) attacks due to several factors, including their reliance on email communication, potentially limited cyber security resources, and a lack of awareness about the sophistication of these attacks. Here’s how a small business can become entangled in a Business Email Compromise:


Phishing Attacks:

Attackers often use phishing emails designed to deceive employees into providing sensitive information or performing actions that benefit the attackers. Small businesses might lack robust email filtering or employee training, making them more susceptible to phishing attacks.


Spoofing or Impersonation:

Cyber criminals may impersonate trusted individuals within the company, such as executives, vendors, or partners, using similar email addresses or creating fake but convincing emails to manipulate employees.
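One way to screen inbound mail for the lookalike addresses and borrowed display names described above, as an added example that is not code from LoughTec. The domains, the executive name and the distance threshold are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample values: replace with your own domains and senior staff.
TRUSTED_DOMAINS = ("example-widgets.co.uk", "supplier-example.com")
EXECUTIVES = {"jane doe": "jane.doe@example-widgets.co.uk"}

# Common digit-for-letter swaps used in lookalike domains.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalise(domain):
    """Collapse visually confusable characters so lookalikes compare equal."""
    return domain.lower().translate(SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of reasons the From header looks like impersonation."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if normalise(domain) == normalise(trusted):
                findings.append(f"character-swap lookalike of {trusted}")
            elif edit_distance(domain, trusted) <= 2:
                findings.append(f"near-match of {trusted}")
    # A known executive's display name on any other address is a red flag.
    expected = EXECUTIVES.get(" ".join(name.lower().split()))
    if expected and addr != expected:
        findings.append(f"display name belongs to {expected}")
    return findings

if __name__ == "__main__":
    for header in ("Jane Doe <jane.doe@example-widgets.co.uk>",
                   "Jane Doe <jane.doe@examp1e-widgets.co.uk>",
                   "Accounts <billing@suppller-example.com>"):
        print(header, "->", check_sender(header) or "ok")
```

A distance threshold of 2 can flag unrelated short domains, so treat a finding as a prompt to verify the request through another channel rather than as proof of fraud.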


Social Engineering:

Attackers use social engineering techniques to exploit human behaviour and trust. They might build relationships with employees through email conversations or use psychological manipulation to persuade individuals to perform specific actions like wire transfers or reveal sensitive information.


Compromised Accounts:

If an employee’s email account is compromised due to weak passwords or phishing, cyber criminals can gain access to internal communications and contacts, allowing them to send convincing fraudulent emails from within the organisation.


Lack of Awareness and Training:

Small businesses might not prioritise cyber security training for employees, making them less vigilant against the various tactics used in BEC attacks.


Reliance on Email for Transactions:

Small businesses often rely heavily on email for communications, including financial transactions and interactions with vendors and clients. This reliance makes them vulnerable to email-based attacks.


Limited Resources for Cyber Security Measures:

Small businesses might lack the resources or dedicated personnel to implement strong email security measures or comprehensive cyber security protocols, exposing them to attacks.


To mitigate the risk of falling victim to a BEC attack, small businesses should invest in employee training to recognise phishing attempts, implement email authentication protocols, use multi-factor authentication, regularly update and patch systems, and establish clear verification processes for financial transactions or sensitive information exchanges. Collaborating with cyber security experts or investing in security solutions designed for small businesses can significantly improve their defences against BEC attacks.


For more information on Cyber Security for your organisation, contact LoughTec. Telephone: +44 (0) 28 8225 2445 or email

LoughTec are a leading provider of cyber security solutions and help hundreds of companies in the UK & Ireland with Cyber Security Training, Cyber Essentials Accreditation and IT Support.

LoughTec: Watertight Cyber Security and IT Solutions