
Business Email Compromise

Cybercrime includes Business Email Compromise (BEC), which can be defined as “a criminal act where criminals illegally access an email account and communicate as if they are the user”. They do this by stealing account holders’ usernames and passwords, using phishing or other means to trick users into disclosing their details. They then use the compromised information to access and use the user’s email account.

Symptoms of a possibly compromised email address include:

  • Complaints about spam being sent from your email address.
  • Emails are not being received.
  • Missing emails.
  • Receiving large numbers of undeliverable or bounce messages for emails you did not send.
  • Not being able to log into your email account.
  • Seeing unknown emails in your Sent Items folder.


  • Make sure your PC has the most up-to-date OS updates and antivirus/malware software.
  • Depending on the extent to which your account was abused, you may have to contact all email recipients who were spammed by your hacked mailbox to advise them that these communications were not legitimate.
  • Set up several email addresses. Use your original email address for personal or business communication as you’d normally do and use an alternative email address to communicate with your service provider, since many now ask for a different address for added protection. Then, use yet another email address for registering for websites, newsletters, online shopping and other services. In this way, the risk of a possible compromise is spread.
  • Use a different, strong password for each account: one that is at least six characters long and is a combination of letters, numbers and capitals/lowercase.
  • On a secure PC, log into your email and then check if any of the settings have been changed. Changed settings could indicate that your email account has been hacked, so if any of the settings have been altered, delete these changes immediately.
  • Once you have changed the settings, create a new password, and add your secondary email account as your alternative address.
  • Never list your main email address publicly anywhere online - in forums, in online advertisements, on blogs, social media or any place where it can be harvested by spammers. Use a separate email address for the internet which is not linked to your personal or business email account.
  • Don’t use public computers to check email; there’s virtually no way to know if they have been accidentally infected with malware or have had keylogging spyware installed intentionally.