Protecting Your Business: Understanding and Mitigating the Risks of Business Email Compromise (BEC)

Publication Date: 10/01/2025

Cybercrime includes Business Email Compromise (BEC), which is when criminals illegally access an email account and impersonate the user. They steal usernames and passwords through phishing and other methods, tricking users into revealing their information. They then utilise the compromised information to access and use the user’s email account.

Symptoms of a Possible Compromised Email Address Include:

  • There are complaints about spam coming from your email address.
  • Emails are not being received.
  • Missing emails.
  • Receiving large numbers of undeliverable or bounce messages for emails you did not send.
  • Not being able to log into your email account.
  • Notice unknown emails in your Sent Items folder.

TIPS

  • Make sure your PC has the most up-to-date OS updates and antivirus/malware software.
  • If your account was hacked, notify all email recipients that the spam they received was not from you.
  • Set up several email addresses. Use your main email for personal or business communication, and an alternate email for service provider interactions to enhance security. Then, use a third email address for registering for websites, newsletters, online shopping and other services. In this way, the risk of a possible compromise is spread.
  • Use unique, strong passwords for each account, at least six characters long, combining letters, numbers, and both uppercase and lowercase letters.
  • On a secure PC, log into your email and then check if any of the settings have been changed. This may mean your email account has been hacked. Check for any changed settings and delete them immediately.
  • Once you have changed the settings, create a new password, and add your secondary email account as your alternative address.
  • Avoid sharing your main email address publicly online, such as on forums, ads, blogs, or social media, to prevent spam. Use a separate email address for the internet which is not linked to your personal or business email account.
  • Avoid using public computers to check your email, as they may be infected with malware or have keylogging spyware.