Blog, Cyber - July 16, 2025
What is Business Email Compromise?

As the owner of a successful business, you’re a prime target for would-be scammers and hackers. Whether that takes the form of a half-hearted phishing attempt or a full-blown malware attack, you (and your employees) need to be aware of the risks.

One such risk is business email compromise. This sophisticated cyberattack relies heavily on social engineering tactics – cybercriminals aim to deceive employees into bypassing standard procedures to gain unauthorised access to valuable assets, such as funds or sensitive data.

How does business email compromise unfold?

Business email compromise attacks typically occur through four different methods.

  • Spoofed email: Attackers send emails from addresses that closely resemble those of trusted senders, tricking recipients into believing the communication is legitimate.
  • Domain spoofing: Cybercriminals create fake websites or email domains that mimic those of trusted businesses or individuals. Like spoofed email addresses, these can be very convincing, with subtle differences that are easy to miss.
  • Stolen email credentials: By obtaining legitimate email credentials, attackers can access inboxes, monitor conversations (especially those related to invoices or payments), gather information about employees, and take steps to conceal their actions.
  • Exploiting trust: Once they’ve established a sense of trust, attackers use various social engineering techniques to persuade users to disregard normal security protocols. Employees in departments like HR and finance, or those with the authority to approve financial transactions (particularly in smaller organisations), are frequently targeted.

 

6 common forms of business email compromise

Once a scammer gains access to your information, their attack could take a number of forms – from sending false instructions to encouraging users to click a suspicious link. Here are several methods to watch out for:

  • CEO fraud: Attackers, posing as the CEO of your organisation, instruct employees to make urgent payments for confidential transactions like acquisitions or legal settlements.
  • Fraudulent instruction: Attackers, impersonating vendors or suppliers, instruct employees to change payment details so that funds are diverted to accounts they control. Professional services firms are particularly vulnerable, with attackers posing as parties in real estate or other transactions.
  • Payroll redirect: Attackers instruct HR departments to change employee pay deposit information.
  • Invoice manipulation: Attackers, posing as vendors or suppliers, send fraudulent invoices or request refunds to misdirect payments.
  • Loan fraud: Attackers impersonate multiple employees to take out large loans in their names.
  • Urgent requests: Attackers make urgent requests to send sensitive data, like employee tax statements, or to purchase gift cards – this is common in smaller organisations.

Don’t leave your business open to threats

Scammers and hackers are an unfortunate fact of business. But by understanding their common tricks, avoiding suspicious links, and having the right insurance in place, you’re in a better position to combat them.

Unsure whether your business is compliant with the current data protection laws and regulations? Get in touch with RiskBox to check you’re covered.

Photo by Brett Jordan on Unsplash
