Published in


Preventing BEC Attacks

Photo by rawpixel on Unsplash

How Can I Protect My Business From BEC Attacks?

The key to keeping your business secure is to educate your employees on the risks and how to keep safe. Employees should be taught how to spot and evade fraudulent emails. Up to date technology and procedures can also reduce the risks of BEC attacks.

Avoiding Opening Emails From Unknown Parties

The safest way to avoid risk is to not click the email in the first place. Employees should check the address of the sender carefully for any differences that might be a sign of a spoofed address. This could include “l” with “1” or a subtle misspelling that could easily be overlooked.

Check Links

Links in emails can be disguised using anchor text. You can reveal the true destination by hovering over the link. A box next to the cursor or in the bottom corner of the browser will display the real address the link leads to. Investigate these carefully. Fraudulent links may try to mimic a real address.

Avoid Attachments

Attachments are one of the most common methods criminals use to distribute malware. Unknown attachments must never be opened. Even attachments you are expecting should be scanned by up to date anti malware before being accepted.

Use a Company Domain

Using free web-based emails accounts for your business makes it easier for criminals to spoof your addresses. You should create a company domain and use it for your email accounts instead. Criminals may still try to mimic the address, but diligent employees will be able to spot the inconsistencies.

Verify Money Transfers

Creating a procedure for money and data transfers can prevent careless losses. Any transfers should be verified with another member of staff through face to face or telephone call, using previously established numbers. You should not rely on any contact methods suggested by the email, especially if they differ from the norm.

Consider What Information Your Are Putting Online

Cyber criminals can use the information you put online to enhance their facades. They use this data to build profiles of employees in preparation for grooming them as part of their phishing attempts. This can include names, addresses, job titles and descriptions.

Keep Anti-Malware Updated

Using the latest anti-virus and malware technology can catch harmful payloads often distributed by email. Malware is constantly evolving, so it is vital to regularly updated your software to keep up.

Email Authentication

Using email authentication, such as SPF, DKIM, and DMARC, can protect you from email spoofing.



Stories from the world of

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store