Business email compromise (BEC) occurs when a criminal accesses a work email account in order to trick someone into transferring money, or to steal valuable (or sensitive) data. For this reason, BEC attacks are often directed at senior staff, or those that can authorize financial transactions. This is one of the main agendas for many governments to fight with these issues to relief their citizens.
Unfortunately, BEC attacks (which are a type of phishing attack) are on the increase. A recent government report on digital cyber-attacks revealed that in 2023, 84% of businesses and 83% of charities have experienced a phishing attack in the past 12 months. The good news is that the NCSC has recently published new digital guidance on BEC that includes practical steps that will reduce the likelihood of your organization suffering from a BEC attack. It is specifically aimed at smaller organizations who might not have the resources (or expertise) to implement the NCSC’s existing digital guidance on phishing attacks in full.
