Business Email Compromise (BEC) and Phishing – How Do You Combat It?

Business email compromise (BEC) and phishing are not new ways to scam. As soon as email rose to popularity as a dominant form of communication, scammers saw a lucrative window and took advantage.

Before we explain how to avoid it, we should explain what Business Email Compromise (BEC) is. BEC is when a legitimate business is sent an email that looks like it’s coming from another legitimate business, but it’s not. It’s actually a scammer spoofing that email identity. This is the most popular form of phishing, but it’s far from the only version. Scammers can even spoof your own domain, so an email looks like it’s coming from within your own organization.

How do you combat something so insidious? The top way is training. By training yourself and your employees properly on what to look for, you can avoid these scams, which cost people located in the US $57 million last year.

Here are some of the things we look for when determining if an email is a phishing attempt.

  1. It may contain a generic greeting such as “Hello sir or madam” or “Hi Dear”. A company you do business with or a person you know would probably know your name.
  2. The email mentions some kind of fraudulent activity on your account and has a link asking you to confirm your private details to unlock or otherwise reinstate your account. This is a VERY common scam.
  3. When you hover over the links in the email, they do NOT point to the business the email is purporting to be from.
  4. The email may contain spelling errors and sentences that sound strange grammatically.
  5. The logos in the email may be of a poor resolution because these scammers do not have access to the real company assets.
  6. The email is coming from a CEO or President of a large organization and is asking you to wire money in exchange for a lump sum in return later. These emails may not have spelling errors or strange links but ask yourself – would any CEO or President of a large company be asking you to wire them money?

That last one is key. If all the obvious methods of detection fail, you may have to rely on just asking yourself if the request in the email makes sense. If the email looks like it is coming from someone you know personally, reach out to them via phone or in person to ask about it. Most of the time, victims who have had their emails compromised or spoofed have no idea it’s even going on.

Beyond training on what to look for in a phishing email, these are our top 3 things to protect yourself from scams across the board.

  1. Keep the software on your devices completely up to date.
  2. Use multi-factor or two-factor authentication on your accounts.
  3. Back up your data regularly so on the off chance something happens, you’re covered.

If you receive an email you suspect is a phishing attempt, the best thing to do is not respond to it and report it. You can report suspected phishing emails to the FTC.

For businesses located in the Central Valley, we offer cyber security training as part of our managed service plans (which includes comprehensive training on how to avoid phishing attacks).

This article was powered by Valley TechLogic, an IT provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://twitter.com/valleytechlogic.