Always follow your organisation's official security guidelines when reporting suspicious emails.
What is a Business Email Compromise (BEC)?
A business email compromise (BEC) refers to an attack where a business email account has been compromised by an attacker and used to phish or scam other users inside the same organisation.
If you suspect a business email compromise, please contact your security team immediately. If an email account has been compromised, verifying the sender's identity by sending an email or an instant message (skype, slack) is not a safe option. Always seek for a face to face or over the phone confirmation.
Elements of a Business Email Compromise:
- Multiple emails to a wide audience from the same sender
- A person in your organisation sends an unusual email
- You are being asked to do something (e.g. click a link, send money, other instructions) urgently
Always follow your organisation's official security guidelines when reporting suspicious emails.