When your company’s email becomes the perfect gateway for fraud.

In many companies, almost everything happens via email: purchase orders, invoices, payment approvals, contracts. That makes corporate email a very attractive target for criminals.

When someone takes control of an executive’s, supplier’s, or finance team member’s account, they can use it to send fake payment instructions or change bank details. This is known as Business Email Compromise (BEC).

What is Business Email Compromise (BEC)

BEC is a type of fraud in which attackers take control of a legitimate email account (for example, a supplier’s or an executive’s) and use it to deceive other people inside or outside the company.

Because the messages come from a real, legitimate account, they appear completely trustworthy.

Common email-based fraud scenarios

Some frequent examples:

  • A real supplier writes to you (from a compromised account) saying they changed banks and sends a new account for payments.
  • A supposed CEO or CFO sends an email requesting an “urgent and confidential” transfer.
  • Real invoices are sent, but with altered bank details so the money goes elsewhere.

How attackers compromise corporate email

Typically, the first step is phishing: a fake email that leads to an imitation login page where someone enters their username and password. Weak or reused passwords and the lack of multi-factor authentication also contribute.

Once the attacker has the password, they access the mailbox, observe how the company communicates, and wait for the best moment to execute the fraud.

The real impact on SMBs

For a small or medium-sized business, this type of fraud can mean:

  • Significant financial losses from payments sent to the wrong accounts.
  • Conflicts with suppliers who never received the money.
  • Trust issues with clients and partners.
  • Potential legal implications if sensitive data is involved.

Warning signs in payment and finance emails

It’s worth being cautious when:

  • A supplier asks to change bank details via email only, especially with urgency.
  • An executive requests unusual transfers outside normal processes.
  • The tone of the email feels “off” for that person (too informal or too formal).
  • The email address has small variations (for example, an extra letter in the domain).

What to do if you suspect a BEC incident

If you believe an email account was compromised:

  • Immediately change the password and enable multi-factor authentication.
  • Review filters, auto-forwarding, and inbox rules (many attackers create rules to hide their emails).
  • Inform affected suppliers and clients so they can confirm payment instructions through another channel.
  • Contact your bank to see if any transfers can be stopped or investigated.
  • Involve your IT team or service provider to assess the scope of the incident.

Simple policies that reduce risk

Some practical measures:

  • Require bank account changes to be confirmed via a second channel (call, video call, etc.).
  • Define payment thresholds that require two approvals.
  • Enable multi-factor authentication on all corporate email accounts.
  • Train finance and procurement teams regularly on detecting email fraud.

How NOVA TRADING supports your corporate email security

At NOVA TRADING, we help SMBs see email not just as a work tool, but as a potential critical failure point. We guide you on best practices, basic security configuration, authentication, and payment validation processes that reduce the risk of falling victim to BEC.

The goal is for your finance and procurement teams to work with peace of mind, knowing they have clear rules and reasonable technical safeguards.

NOVA TRADING: your trusted tech partner, protecting your digital life.
