5 tips to help you avoid business email scams



The speed with which we interact online makes it easy for even the most eagle-eyed of us to fall prey to a scammer with a reasonably genuine-looking profile.

Have you ever gone to click a link and then stopped at the last moment? If so, read on for our top five tips to avoid a business email phishing scam or BEC (Business Email Compromise).

1. Check business email addresses closely

Cyber criminals use compromised business email accounts, or spoof the sending email address. It is, unfortunately, simple to alter the email header so that, when the message lands in your inbox, it appears legitimate, albeit perhaps generic. An apparently legitimate sender email address is absolutely no guarantee of authenticity.
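One way to look past the visible sender address is to compare it with the other headers of the message. The following is an added example, not part of the original article: it uses Python's standard `email` module on a constructed sample message, and the function names and sample addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real traffic): the From address looks internal,
# but replies and bounces are routed to other domains.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Jane Doe, CEO" <jane.doe@example.com>
Reply-To: "Jane Doe" <jane.doe.ceo@freemail.example.org>
To: accounts@example.com
Subject: Urgent payment

Please process today.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_warnings(raw_message):
    """List reasons not to trust the visible From address on its own."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    warnings = []
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Weak signal: legitimate bulk senders often use a separate bounce domain.
    path_dom = domain_of(msg["Return-Path"])
    if path_dom and path_dom != from_dom:
        warnings.append(f"Return-Path domain {path_dom} differs from From domain {from_dom}")
    # Authentication-Results is written by the receiving mail server; only
    # trust the copy added by your own server, not one supplied by the sender.
    results = " ".join(msg.get_all("Authentication-Results") or []).lower()
    if not results:
        warnings.append("no Authentication-Results header present")
    elif "dmarc=pass" not in results:
        warnings.append("DMARC did not pass for the From domain")
    return warnings

if __name__ == "__main__":
    for warning in header_warnings(SAMPLE):
        print("WARNING:", warning)
```

An empty result does not prove the message is genuine: mail sent from a compromised business account passes all of these checks, so unusual requests still need confirming through another channel.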

2. Be aware of the multiple types of phishing

Phishing email attacks are on the rise. They are usually sent out in large numbers and form part of a broader email spam attack. There are several types of phishing emails:

Deceptive Phishing: these impersonate a legitimate sender, with the main objective of obtaining personal information and gaining access to further financial details.

Spear Phishing: these are highly personalised to get the user interacting with them directly. They often use a known senior individual’s credentials as the sender profile to establish legitimacy in an attempt to obtain sensitive information.

Whale Phishing: this targets a business team as a whole. The cyber criminal could impersonate the CEO or a senior executive and usually stresses the need for urgent action.

3. Unusual communications

These are situations where a legitimate sender cannot use their regular methods of communication. Common scenarios include their normal email account being down; communicating while in transit, for example from an airport; or problems with their mobile phone.

Whilst these situations genuinely occur every day, scammers exploit them too. They present a seemingly convincing story as to why they cannot go through the usual checks or approval process with you and may offer an element of reward for following their specific requests. If you are in any doubt, assume the worst.

4. Rewards which could be too good to be true

There could be a reward attached to the sender’s requests. Be wary if it seems over-generous, is a high-value free gift or a vastly discounted item. Usually, these rewards come with a deadline to create a sense of urgency and the target will often act on impulse.

5. Common scams to watch for

Online gift cards: particularly in the run-up to the festive season, watch for high-value gift cards that are seemingly authorised by someone already in the business, or that appear to be a genuine offer.

Fake invoices: the sender impersonates existing company suppliers and tracks regular amounts, then raises similar invoices to extract funds fraudulently.

Tax scams: as year-end closes, be on the lookout for tax checking scams that try to extract personal data through requests purporting to be from HMRC or your HR department.