Identifying A Business Email Scam

A business email compromise scam or BEC targets mostly companies that usually have suppliers abroad. Criminals send emails to businesses pretending to be from a trusted source, likely a vendor with which an organization already has business. Although this scam mostly affects businesses, individuals can also be a target.

This scam involves a person who poses as a wealthy individual requesting assistance in getting a huge amount of money from their country and they would give you a large share of the money in return. 

BEC as a Threat

Emails like this are sent from usually someone or a domain you have never received mail from. They pretend to be a person important in a well-known organization, hoping that you would reply, and then they can scam you into providing some information or even sending some money for Advance Fee Fraud.

business email scam

Types of BEC

Some of the keywords to look out for are request, transfer, payment, and urgent. There are 5 types of BEC scams:

The Bogus Invoice

Attackers pretend to be foreign suppliers requesting payments to a certain account. Sometimes these “suppliers” will include a message saying they’ve updated their account information.

CEO Fraud

Attackers impersonate an executive or CEO of the company and email employees requesting fund transfers to different accounts.

Account Compromise

An employee or executive’s email account is compromised and used to request payments from those in their contacts. The payment will be directed to a bank account that does not belong to the company.

Attorney Impersonation

Attackers pose as lawyers in-chare of the company’s confidential matters. Requests like these are typically done through email or phone outside working hours.

Data Theft 

The target of this scam is to obtain information such as tax statement of executives and employees. Data from this type of attack can be used for more attacks in the future.

How to Avoid Getting Scammed

It is particularly hard to recognize a pattern for BEC attacks as they don’t use any observable techniques, just plain text in their emails. They also don’t have obvious malicious links or attachments.

  • Confirm requests in person if possible, especially for urgent payments.
  • Use a verified payment platform to ensure that suspicious accounts can be reported.
  • Activate multiple authentication settings if applicable.
  • Train employees to identify scams and set security standards that everyone should follow.


Protect your business accounts with the right email security measures. SANGU protects its users from advanced cybersecurity threats! Get your invite to our pre-launch here.


Sangu Email provides powerful protection against email threats—securing inbound, outbound and internal emails using advanced security features .