Data Protection and GDPR Level 3 for Managers and Business (VTQ)

64 videos, 2 hours and 55 minutes


Business Email Compromise

Video 47 of 64
1 min 33 sec

Business email compromise, otherwise known as CEO or Chairman Fraud, is one of the newer threats. Small and medium-sized businesses are usually targeted and can be devastated by one fraudulent email.

So how does Business Email Compromise work?

A fraudster emails a company’s payment department. They may impersonate a contractor or supplier and request that future payments go to a new account. Often the sender's email address closely matches a known address, or the fraudsters have hacked into a real email account, making the fraud even harder to identify. The payment is then unwittingly made to the fraudster.

Another method is to impersonate the CEO. In these examples, an employee within the payment department receives an email that appears to come from the CEO, requesting that beneficiaries be set up and payments be made. A member of the payments team sets it all up and authorises the payments. Later the error is discovered, by which time it is too late.

This happened and cost one organisation in the US over £300,000.

How can these types of situations be avoided?

  • Never change or implement payments based on email only
  • Implement a two-step payment verification process; a change of bank details should always be verified by telephone or letter
  • Always check the email address; do not make assumptions
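
The "always check the email address" step can be partly automated for a payments mailbox. The sketch below is an added example, not part of the course material: it flags a From: header whose address closely matches a known one or whose display name shows a trusted address. The allow-list, sample headers and function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list of supplier and executive addresses (assumption).
KNOWN = {"accounts@acme-supplies.example", "ceo@ourcompany.example"}
# Digits commonly swapped for letters; "rn" -> "m" is folded in skeleton().
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "5": "s"})

def skeleton(s):
    """Fold common visual substitutions so 'acrne' and 'acme' compare equal."""
    return s.lower().translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, known=KNOWN, max_dist=2):
    """Return 'known', 'lookalike' or 'unknown' for a From: header value."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in known:
        return "known"
    # Display name shows a trusted address while the real address differs.
    if any(k in display.lower() for k in known):
        return "lookalike"
    for k in known:
        if skeleton(addr) == skeleton(k) or edit_distance(addr, k) <= max_dist:
            return "lookalike"
    return "unknown"

# Constructed sample headers.
SAMPLES = [
    "Acme Accounts <accounts@acme-supplies.example>",
    "Acme Accounts <accounts@acrne-supplies.example>",
    "Acme Accounts <accounts@acme-supplles.example>",
    '"ceo@ourcompany.example" <ceo.office@freemail.example>',
    "Newsletter <news@unrelated.example>",
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{classify_sender(h):9}  {h}")
```

A message sent from a genuinely compromised account is classified as "known" here, which is why the telephone or letter verification above still applies to every change of bank details.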