In this digital age, email is a foundation service that we use for almost everything in our personal and business lives. Sadly, email has been a prime attack vehicle for cybercriminals for many years. Once an unsuspecting user’s email is compromised, the attacker can commit fraud and launch a myriad of additional cyber-attacks.

This article contains a simple checklist your staff can follow for preventing or reducing the effects of Business Email Compromise (BEC) at the workplace, home office, remote office, and when working on the move.

What Is Business Email Compromise (BEC)?

Business Email Compromise (BEC) is the term given to the scenario where a business email user has been duped into clicking a link or viewing an attachment of a malicious email. Their device, email account, and company network may now all be compromised.

Once the attacker gains access to a single email account, end-user device, or an entire business network, they look for authentication credentials, business process information, forms, and consumer identity data. They may instigate a full-blown ransomware attack on the company.

BEC: Why Prevention Is Better Than a Cure

While email remains a common form of compromise that leads to further attacks and fraud, there are several things the staff in your organisation can do to prevent BEC from affecting business operations.

In parallel to your security team monitoring and defending against such attacks through anti-phishing email security, at Securus Communications, we firmly believe that educating staff on recognising potential email threats is a crucial defence tactic.

12-Step Business Email Compromise Checklist

12-Step Business Email Compromise Checklist

By remaining vigilant, you and your employees can take several simple steps to minimise email compromise (BEC) in the workplace, presented in the following checklist.

1. Check that the Sender Email Is Legitimate

There are a few quick ways to determine whether the sender of an email is legitimate. First, if the name attached to the email is familiar, check to be sure the email address matches. 

For example, if it’s a co-worker, the email address should be listed in the company email directory. Also, be sure the domain name is spelt correctly. Often, the hacker will create fake domains that closely resemble the real one but will alter a letter or two so that the recipients don’t notice. 

If the domain name is more generic for external emails (such as or, it should be deemed suspicious. No professional organisation would use a non-business email account to send an official email.

2. Be Suspicious of External Emails

An external email comes from a domain other than your company’s own domain name. While that doesn’t mean it’s a fraudulent message, it does give you cause to examine the email before responding further.

Most modern email systems mark emails from outside the organisation as “External,” so recipients have a visual indicator that the email is coming from an outside source.

If the external email contains links or attachments, you should take time to check the validity of the email address. If the message asks you to log on to your account, you can verify by going directly to the service’s home page instead. Log in from the home page and not from the link in the email. 

3. New Contacts Can Be a Threat

External emails often come from other companies or individuals reaching out to you for supposed professional reasons. Some may be looking to connect, and others may be trying to sell you a service. 

Although most of these are legitimate marketing or networking messages, some can be malicious phishing emails designed to infect your device with malware. You can apply the same guidelines for verifying the sender or mark the message as spam. 

If any email looks suspicious, you should immediately forward it to your IT security team. Sometimes, phishing emails make it through your organisation’s spam and malware filters, and reporting suspicious messages help to strengthen your organisation’s security. 

4. Never Respond to External “Fantastic Deals” Emails

Never Respond to External “Fantastic Deals” Emails

Any email (internal or external) that arrives in your inbox promoting too-good-to-be-true offers is probably just that, too good to be true. When a victim clicks on the offer link, they risk downloading malware to their device and compromising the entire network.

Other times, potential targets are guided to a login page that is a front for stealing user credentials. The URL may resemble a familiar website where you are likely to have an account, such as Amazon, Facebook or LinkedIn. 

Never respond to such messages. If a message with a “fantastic deal” makes it to your inbox, forward it to your company’s security team to investigate.

5. Check Links

One way to check the links in an email is to hover over them with your mouse. Never click on the link until you verify that it is legitimate. If you are viewing the message from your mobile phone, you may not be able to do this. If that’s the case, we recommend that you wait until you have access to your desktop. 

You can always go to the website’s homepage to access your account or call the customer service number listed on the home page. Do not trust any links or phone numbers listed in the email. 

6. Poor Grammar and Punctuation

Most often, phishing emails are poorly written. Even if the spelling is correct, they often contain poor grammar and punctuation as English may not be the first language of the cyber attacker.

Some speculate that poor grammar is intentional and a way of filtering, so only the most gullible users will fall for the scam behind the message. Regardless, many phishing and other malicious messages arrive in your inbox with poor grammar and punctuation. Should you receive one, report it to IT security right away.

7. Follow Up with a Phone Call

Follow Up with a Phone Call

Call the sender to clarify if a message looks suspicious, yet the email seems valid. Often, cybercriminals have gained access to someone else’s account and are sending phishing emails to individuals in their contact lists.

In this case, you recognise the sender because the email address is accurate and correct, though the message itself is suspicious. For example, the sender may be asking for sensitive user or banking information. 

Calling your contact accomplishes two things. First, it verifies the request in the email. Second, you may be alerting your contact that their email account has been compromised, and they are still unaware. 

8. Suspicious Attachments

Phishing emails generally contain a payload of some sort and will take the form of an infected attachment or a URL to a bogus website. Either way, the goal is usually to lure the victim into downloading malware to their device. 

An infected attachment appears to be a harmless document like an invoice, for example, but it actually contains malware. Once the suspicious attachment is opened, malware will infect the user’s device and spread across the network, infecting others.

You should never open an attachment unless you are confident the message and payload are legitimate. The same principles apply to URLs contained in the email.

9. Reporting Suspicious Emails

Upon receipt of a suspicious email, staff should report it to their organisation’s IT security team right away. Doing so helps security recognise new threats and adjust their spam filters accordingly. If you receive a phishing email, that means it somehow leaked through the security measures already in place. 

Hackers come up with new schemes all the time. Security software adapts quickly but reporting threats that land in your inbox helps to mitigate these new threats faster. By reporting the email, you strengthen the IT team’s ability to monitor and recognise new threats.

10. Ensure You Have Recently Attended IT Security Training

Every staff member should have received training on IT security and participate in refresher training at least annually. Most of the time, IT and Human Resources (HR) work together to ensure that all employees complete annual training. If you have not received training, speak to your HR team.

Securus Communications can help business owners put security training in place if your organisation doesn’t currently offer such security training to staff. Data has shown that companies can reduce the threat of phishing scams by teaching and reinforcing the concepts taught in cybersecurity training.

11. Change Your Email Password Monthly

Change Your Email Password Monthly

One of the simplest ways to protect staff email accounts is to force a monthly password change in combination with a password vault. Once a hacker infiltrates a single employee’s email account, they have access to that individual’s contacts to send malicious emails that the recipient may treat as authentic.

A password vault is a software application that stores passwords in a single, secure digital location. The vault encrypts stored passwords and provides users with a single master password for accessing all the passwords in the vault.

12. If A Suspicious Link Is Clicked

If you inadvertently click on a link or download what you thought was a legitimate app, immediately reporting it to IT security is vital so they can act to mitigate the damage. Keeping quiet allows the damage to spread unchecked throughout the network.


IT security teams remain vigilant when monitoring, blocking, and mitigating malware and other threats. However, many breaches occur through Business Email Compromise (BEC), so end-user awareness is the best form of defence. By training staff to identify and report suspicious emails, your organisation can prevent BEC attacks from becoming a problem.

From anti-malware, anti-phishing, SEO poisoning, and 2FA to SASE and cloud-based air-gap immutable backup storage, Securus has a security solution to suit your requirement and budget. If you would like to discuss your network security requirements in more detail with one of our cyber security professionals, please don’t hesitate to get in touch.

Further Technology Articles