Skip to main content
In light of recent global events, there is a heightened risk of cyber-attacks. We urge local organisations to exercise additional vigilance when monitoring IT infrastructure. Please report suspicious activity to us via our Cyber Concerns Reporting Tool.

What is Business Email Compromise?

Business Email Compromise (BEC) is a form of targeted phishing attack (spear-phishing) that attempts to extract sensitive information and, typically, request that bank details are altered to an account under their control by way of impersonation. This is more commonly referred to as mandate or invoice fraud.

This often involves the attacker compromising an email account and acquiring information pertaining to active contracts they can take advantage of. Similar-looking email addresses are then created so the fraudsters can continue communicating even if they lose access to the compromised account.

This kind of attack does not always have any malicious links or attachments so they are more likely to evade traditional security solutions meaning it is up to the recipient to recognise and react appropriately.

The warning signs

  • You receive an email from an executive, influential staff member of an organisation or customer you are dealing with requesting to update banking details or send an invoice with details that aren't on record.

  • The sender requests that the transaction is expedited as soon as possible or the request comes in at the end of the work day/week.

  • The message may press the recipient to bypass normal polices and procedures. 

  • The sender says that they are travelling, or is otherwise unavailable to take a call.

The do's and don'ts

The following covers some basic steps that anyone can do when a BEC email has been received.

  • Don't act on a request to send money or sensitive information, or change details on record without first confirming it is authentic.

  • Don't reply to suspicious emails. Speak directly to the person the sender claims to be. Contact the person on a number you know to be legitimate or in person.

  • Immediately contact your designated finance officer or financial institution if you discover a fraudulent transfer.

  • All emails and any other evidence should be preserved to provide to investigators and authorities if required.

  • Follow your organisation's reporting procedure for fraudulent activity.

  • Report it to us using our Cyber Concerns Online Reporting Form.


  • Always carefully check any email addresses to identify if it exactly matches your known and trusted records.

  • Mandate fraud is more likely to be perpetrated against an organisation. Be alert to any requests to alter their bank details.

  • Validate all requests for bank account changes using established contact details. Never use any of the contact details contained within letters/emails received pertaining to an update of details.

  • Make an 'open source' check on the internet of any new bank account sort codes and account details to identify the location of the bank (to be checked against the company address) and whether there are any reports available to indicate the communication is a scam.
  • Adopt dual control procedures for authorising payments. Ensure that a senior member of your finance team reviews actions and formally authorises the change of bank account details.

  • Regularly reconcile your bank statement and report anything suspicious to your bank immediately.

  • Business managers should regularly review and update security policies ensuring that all staff are fully briefed and trained to spot potential fraud.