What it is
Business email compromise is when an attacker gets access to an employee’s email account without their permission, to carry out attacks or scams.
How it works
The most common way business email compromise happens is when a scammer gets access to an employee’s email password. They can access passwords in a number of ways including:
- guessing or cracking weak passwords
- finding passwords in credential dumps (credentials are your personal details, specifically your login details for online accounts)
- collecting account login information through phishing campaigns (phishing is when a scammer pretends to be someone else, like a bank or NZ Post, usually via email, trying to get your personal information or even money).
Create a password policy for your business
The risks
Business email accounts usually hold a lot of information about billing cycles and bank accounts, and often have large contact lists. Once a scammer has access to an email account, they can use it for a range of attacks or scams including:
- invoice scams – these are common and involve sending fake invoices pretending to be from a business
- intercepting legitimate invoices and changing the payment details to redirect payments to their bank account
- sending phishing emails
- sending malware (short for 'malicious software'; it refers to viruses and other pieces of software that can infect your devices).
Business email compromise can affect small companies through to large organisations, and result in loss of finances and private information. It can impact both the business and their clients. It can also cause reputational risk.
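One way to catch the invoice-redirection scam listed under the risks is to compare every invoice's payment details with a record confirmed outside email before paying. The Python below is an added example, not part of the original page; the vendor record, field names and the `check_invoice` function are assumptions made for illustration, and all sample data is constructed.

```python
import re

# Constructed vendor record. Payment details here were confirmed out of band
# (for example by phoning a known number), never copied from an email.
TRUSTED_VENDORS = {
    "acme-supplies": {
        "account": "12-3456-7890123-00",
        "domain": "acme-supplies.example",
    },
}

def normalise_account(value):
    """Reduce an account number to digits so spacing or dashes don't matter."""
    return re.sub(r"\D", "", value or "")

def check_invoice(invoice, vendors=TRUSTED_VENDORS):
    """Return reasons to hold payment; an empty list means nothing was flagged."""
    record = vendors.get(invoice.get("vendor_id"))
    if record is None:
        return ["unknown vendor: verify before adding payment details"]
    flags = []
    # The key check: a compromised mailbox sends from the genuine address,
    # so the account number is compared even when the sender looks right.
    if normalise_account(invoice.get("account")) != normalise_account(record["account"]):
        flags.append("bank account differs from the verified record")
    sender_domain = invoice.get("sender", "").rpartition("@")[2].lower()
    if sender_domain != record["domain"]:
        flags.append("sender domain differs from the verified record")
    return flags

# Constructed sample invoices.
LEGIT = {"vendor_id": "acme-supplies", "account": "12 3456 7890123 00",
         "sender": "accounts@acme-supplies.example"}
TAMPERED = {"vendor_id": "acme-supplies", "account": "06-0999-0000001-00",
            "sender": "accounts@acme-supplies.example"}
UNKNOWN = {"vendor_id": "new-co", "account": "01-0001-0000001-00",
           "sender": "billing@new-co.example"}

if __name__ == "__main__":
    for name, inv in [("legit", LEGIT), ("tampered", TAMPERED), ("unknown", UNKNOWN)]:
        print(name, check_invoice(inv) or "ok to pay")
```

The tampered invoice comes from the vendor's real address and is still held, because the decision rests on the verified account number rather than on who the email appears to be from.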