Whakamōrea īmēra ā-pakihi

Business email compromise

If a scammer gets access to your business email, they can use it to email your contacts to try to get money or personal details from them.

What it is

Business email compromise is when an attacker gets access to an employee’s email account without their permission, to carry out attacks or scams. 

How it works

The most common way business email compromise happens is when a scammer gets access to an employee’s email password. Scammers can get passwords in a number of ways, including:

  • guessing or cracking weak passwords
  • finding passwords in credential dumps
  • collecting account login information through phishing campaigns.

Create a password policy for your business

The risks

Business email accounts usually hold a lot of information about billing cycles and bank accounts, and often have large contact lists. Once a scammer has access to an email account, they can use it for a range of attacks or scams including:

  • invoice scams – these are common and involve sending fake invoices pretending to be from a business
  • intercepting legitimate invoices and changing the payment details to redirect payments to their bank account
  • sending phishing emails
  • sending malware.

Business email compromise can affect small companies through to large organisations, and result in financial loss and the loss of private information. It can affect both the business and its clients, and can damage the business’s reputation.

To protect your business against invoice scams, consider setting up eInvoicing.

Benefits of eInvoicing – eInvoicing Pūtea Tāhiko

Protecting your business against email compromise

Always verify emailed payment requests with an SMS or a call to the person or business who sent you the invoice.
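
An example of how the changed-payment-details scam described above can be caught before paying, so that the invoice is held for a call or SMS check. This is an added illustration, not part of the original guidance. The vendor record, the addresses, the account numbers and the account number layout are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed vendor record: bank details confirmed earlier by phone.
KNOWN_VENDORS = {"accounts@supplier.example": "01-0123-0456789-00"}

# Assumed account layout for this example: 2-4-7-2/3 digits, optional separators.
ACCOUNT_RE = re.compile(r"\b\d{2}[- ]?\d{4}[- ]?\d{7}[- ]?\d{2,3}\b")

def digits(account):
    """Strip separators so one account written two ways compares equal."""
    return re.sub(r"\D", "", account)

def review_invoice_email(raw):
    """Return the reasons to verify this invoice by call or SMS before paying."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    # Plain-text parts only; encoded or HTML bodies are out of scope here.
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    known = KNOWN_VENDORS.get(sender)
    reasons = []
    if known is None:
        reasons.append("sender not in vendor records")
    if reply_to and reply_to != sender:
        reasons.append("replies go to a different address")
    # A compromised mailbox sends from the real address, so the sender check
    # alone passes; changed payment details are the signal that remains.
    for found in ACCOUNT_RE.findall(body):
        if known is None or digits(found) != digits(known):
            reasons.append(f"unrecognised bank account {found}")
    return reasons

# Constructed sample messages.
LEGIT = ("From: Supplier <accounts@supplier.example>\n"
         "Subject: Invoice 1001\n\n"
         "Please pay 01 0123 0456789 00 by the 20th.\n")
ALTERED = ("From: Supplier <accounts@supplier.example>\n"
           "Subject: Invoice 1002\n\n"
           "Our bank details have changed. Please pay 02-0987-0654321-00.\n")

if __name__ == "__main__":
    for name, raw in (("LEGIT", LEGIT), ("ALTERED", ALTERED)):
        print(name, review_invoice_email(raw) or "matches records")
```

An empty result only means nothing in the email contradicts your records; the call or SMS check still applies to any payment request.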