Business Email Compromise (BEC) is also known as email account compromise or a man-in-the-email attack. Not only is this type of fraud one of the most financially damaging online crimes, but it is also costlier than other fraud attacks combined. It is becoming more targeted: there are fewer victims, but the losses are greater.

In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request, when the request is in fact illegitimate. Anyone can be targeted in a BEC scam, although high-level executives such as C-level officers and people working in the finance department are the most likely targets.


Criminals carry out these scams by doing the following:

  • Spoofing an email account or website by making slight variations on legitimate addresses and
    • In the first address, the fourth letter is a lowercase L, while in the second address, the fourth letter is a capital i.
  • Sending spear-phishing emails, that is, messages that look like they are from a trusted source
  • Using malware

BEC scams are successful for three main reasons.

  1. Insufficient security protocols
  2. Social engineering: a technique used to trick people into divulging private and sensitive information.
  3. Lack of employee awareness

HOW TO PROTECT YOURSELF

  • Information shared online such as nicknames, birthdays, schools attended, family links etc. should be limited
  • Do not click on anything in an unsolicited email that requires you to verify an account
  • Assume that unencrypted emails are insecure
  • Do not use email to communicate financial information or wire instructions
  • Separate wiring instructions from the details about the amount to be wired or descriptions of the transactions.
  • Be careful what you download
  • Do not open an email attachment from someone you do not know
  • Email address, spelling and URL used in any correspondence should be carefully examined
  • Two-factor or multi-factor authentication should be set up on any and every account that allows it and never disabled
  • If possible, verify payment and purchase requests in person. If that is not possible, call the person to ensure the request is legitimate
  • If there are changes in the account details or payment procedures, verify those changes with the person making the request
  • Be wary of any request to act fast when it comes to payment.
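
The advice to examine email addresses carefully can be partly automated. The sketch below is an added example, not part of the original post: it flags sender domains that imitate a trusted one through the capital-I-for-lowercase-L swap described earlier or through a one-character variation. The allowlist, the sample headers and the function names are constructed for illustration, and the substitution table is a small assumed subset rather than a complete list of confusable characters.

```python
from email.utils import parseaddr

# Constructed allowlist for illustration (domains you really pay or get paid by).
TRUSTED = {"paylink.example", "acme-supplies.example"}

# Look-alike substitutions: capital I / digit 1 for l, zero for o, "rn" for m.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("I", "l"), ("1", "l"), ("0", "o"))

def skeleton(domain):
    """Collapse visually confusable characters, then lowercase."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain.lower()

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character variations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return (verdict, imitated_domain) for the value of a From header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    raw = addr.rpartition("@")[2]  # keep original case: it is what the reader sees
    if raw.lower() in TRUSTED:
        return ("trusted", None)
    for good in sorted(TRUSTED):
        if skeleton(raw) == skeleton(good) or edit_distance(raw.lower(), good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Accounts <pay@paylink.example>",
    "Accounts <pay@payIink.example>",            # capital I in place of lowercase l
    "Billing <invoice@acrne-supplies.example>",  # "rn" in place of "m"
    "Newsletter <news@unrelated.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header))
```

A "lookalike" verdict is a reason to verify the request by phone or in person before acting on it; an "unknown" verdict only means the domain resembles nothing on the allowlist.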

WHAT TO DO IF FUNDS GET HIJACKED

If one falls victim to Business Email Compromise, below are the things that should be done.

  1. Contact the IT department and cybersecurity insurer immediately to report the incident.
    • A cybersecurity insurer is an insurance company that covers a company’s liability once a data breach occurs.
  2. Contact the originating bank to request a recall or reversal.
  3. File a detailed business email compromise complaint with the law enforcement agency responsible for this; in our case, the Economic & Financial Crimes Commission (EFCC).
  4. Secure Email Gateway is an example of an email security solution that can be used.

Post written by Oreoluwa Adegoke



Comments (12)

  1. Jasparel
    May 14, 2021

    Very Informative

  2. Ayo
    May 14, 2021

    This is the type of message people should forward to others on WhatsApp to help understand more on this topic. Considering the state of the country at the moment, information like this should definitely be shared. Have learnt a few things from this especially around email and financial communications. It’s time I review all my security and delete financial information on my email. Thank you for sharing this information.

  3. Sope
    May 14, 2021

    Super informative. I learnt something new.

  4. Olaoluwa
    May 14, 2021

    This is very useful information especially as fraud is on the rise. Thank you.

  5. Modupe
    May 14, 2021

    Brilliant!!!! This is really a useful and informative article. Thank you for sharing this vital information, I have learnt one or two from this 👍

  6. Bisola
    May 14, 2021

    Great stuff! Very helpful, well done.
    We’d be expecting more of this

  7. Wuraola Ogunsnaya
    May 14, 2021

    Very useful, informative and helpful article.
    Well done!! Very Brilliant. We hope to get more of this. Thank you

  8. Yemi
    May 14, 2021

    With the increase in fraudulent activities going on, this is such an educative and informative piece. The need to be super conscious of email compromise cannot be overemphasized. A brilliant article.

  9. Yinka
    May 14, 2021

    Thank you for the write up, Very informative. Anybody could be a victim of phishing emails, Never open mails from untrusted/unverified sources.

  10. Adeteju
    May 14, 2021

    This was a really good and insightful read. Thanks for the awareness, hoping to read more articles like this.

  11. Walcott
    May 15, 2021

    Que sera sera.. constructive and good article

  12. Taio
    May 18, 2021

    Great article and helpful tips.
    Thank you for sharing
