These two business email compromise solutions help mitigate the risk from this growing danger.

Business email compromise is a hot topic as cyberattack threats proliferate in the wake of the global pandemic. Thieves and hackers (aka “Bad Actors”) are putting in overtime to gain valuable data to sell in booming Dark Web markets – and looking for ways to scam overstressed, overscheduled, and overworked executives. Effective business email compromise solutions aren’t hard to find, but they may be hard for executives to swallow.

How does business email compromise work?

Business email compromise is a type of advanced, precisely planned phishing scam that’s played for high stakes. Every one of these attacks is a carefully orchestrated spear-phishing or whaling attack, and each has three main components.

Cybercriminals choose a target and gather information about that target, which lets them construct an extremely convincing email that persuades the target to take an action such as paying a fake bill. For example:

  • An executive receives an email with an invoice for services from a trusted vendor with a note that the vendor has redone their website and needs the company credit card information updated for payment.
  • The executive instructs an assistant to go to the vendor’s new website, update their account information, and pay the bill.
  • The cybercriminals collect the payment and make a profit.

Don’t Give Bad Actors Privileged Access to Data and Systems

Cybercriminals don’t just use business email compromise operations to get paid. They also use them to gain access to a company’s data and systems to steal corporate secrets, pilfer records and data, unleash ransomware, spoof emails to use in phishing attacks on clients and business partners, and cause other potentially damaging criminal mayhem.

Access to an executive account is a Golden Ticket for bad actors. Highly placed accounts receive less generic traffic, so the account holder is more likely to read and interact with the email. Many executives regularly communicate with business partners, service providers, or vendors. Executives are also likely to be in a hurry – making them less likely to notice that an email doesn’t quite pass the smell test.

What can companies do to fight back? Every single account is at risk for cybercrime, from the interns to the C Suite. Institute regularly updated security awareness training for every user at every level, with no exceptions – and no excuses for skipping it. Executives may think they’re too busy to take time out for training now, but they’ll be much busier trying to recover from a devastating cyberattack that results from something like business email compromise.

Take Executive-Level Security Awareness Training Seriously

Most companies give executive accounts a high level of privilege with trusted user or administrator-level access to sensitive systems and data, but the account holders get very little security awareness training. While it may seem like high-powered executives have more important things to do than update their security awareness training, that’s definitely not true – highly privileged executive user accounts represent a bigger danger to the company if they’re compromised.

Boost Executive-Level Phishing Resistance Training

Phishing has boomed during the global pandemic and is quickly becoming 2020’s most dangerous cybersecurity threat – making phishing resistance and security awareness training essential for users at every level in an organization. Phishing awareness training is essential for increasing awareness of other threat vectors too, because phishing isn’t just an email problem anymore.

Optistar’s Security Awareness Training offers thorough education that will bolster your defenses, protecting your company from threats like ransomware and business email compromise. Ask us about a complimentary trial of training for your staff. Email us today, visit our website, or call us at 888-782-7003 for details so that your main line of defense can be stronger than ever.