Filenews 29 October 2025
The Cybercrime Sub-Directorate urges the public to be alert to incidents of fraud carried out using a compromised email account.
Business Email Compromise (BEC) is a scheme in which an attacker gains access to a business email account and impersonates its owner in order to defraud the company and its employees, customers or partners. Often, an attacker will create an account with an email address nearly identical to the one on the corporate network, relying on the trust the victim places in that email account.
In most cases, scammers focus their efforts on employees who have access to the company's finances and try to trick them into making bank transfers to accounts that appear trustworthy, when in fact the money ends up in accounts belonging to the criminals.
The most frequent victims of BEC are typically companies that use bank transfers to pay international customers.
If the fraud is not detected early, the funds are often nearly impossible to recover, because laundering techniques quickly move the money on to other accounts.
Good practices
As a business
• Ensure that employees are informed and aware of the specific form of fraud and how to avoid it.
• Implement a process to verify the legitimacy of payment requests you receive.
• Instruct the staff responsible for paying invoices to always carry out checks to detect any irregularities.
• Check the information posted on your business website, specifically about your contracts and suppliers. Ensure that staff limit the disclosure of business information on social media.
As an employee
• Verify that all payment requests come from the actual suppliers of the business, especially if they ask you to modify their bank account details for future payments of invoices or other documents.
• Do not use the contact details included in the letter/fax/e-mail requesting the change of details. Instead, use the contact details from your previous correspondence with the supplier.
• Define single points of contact at the businesses to which you make payments at regular intervals.
• For payments that exceed a certain amount limit, establish a process to confirm the correct bank account and recipient (e.g., contacting the business).
• When you pay an invoice, send an e-mail informing the recipient of the payment. In it, include the name of the recipient's bank and the last four digits of their bank account to secure the transaction.
• Limit the information you share about your employer on social media.
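The payment checks listed above can be partly automated. The following is an added example, not part of the original advisory: it holds a payment request when the sender's domain is nearly identical to a known supplier's, when the bank details differ from those on record, or when the amount exceeds a limit. The supplier register, domains, thresholds and flag names are all constructed assumptions.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher

# Constructed supplier register, filled from previous trusted correspondence.
SUPPLIERS = {"acme-supplies.example": {"iban_last4": "4821"}}
CONFIRM_LIMIT = 10_000   # hypothetical amount limit for mandatory confirmation
LOOKALIKE_RATIO = 0.85   # assumed similarity threshold; tune on your own mail

@dataclass
class PaymentRequest:
    sender: str        # address the request arrived from
    iban_last4: str    # last four digits of the account named in the request
    amount: float

def closest_known_domain(domain):
    """Return (known_domain, similarity) for the most similar registered domain."""
    scored = ((d, SequenceMatcher(None, domain, d).ratio()) for d in SUPPLIERS)
    return max(scored, key=lambda pair: pair[1])

def review(req):
    """Return the list of reasons to hold this payment for manual verification."""
    flags = []
    domain = req.sender.rsplit("@", 1)[-1].lower()
    supplier = SUPPLIERS.get(domain)
    if supplier is None:
        known, score = closest_known_domain(domain)
        flags.append(f"lookalike-domain:{known}" if score >= LOOKALIKE_RATIO
                     else "unknown-sender")
    elif req.iban_last4 != supplier["iban_last4"]:
        # A compromised genuine mailbox passes the domain check, so changed
        # bank details must be flagged even when the sender address is exact.
        flags.append("bank-details-changed")
    if req.amount > CONFIRM_LIMIT:
        flags.append("confirm-out-of-band")
    return flags

if __name__ == "__main__":
    # Constructed sample requests.
    for r in (PaymentRequest("billing@acme-suppl1es.example", "9930", 2500),
              PaymentRequest("billing@acme-supplies.example", "9930", 25000),
              PaymentRequest("billing@acme-supplies.example", "4821", 500)):
        print(r.sender, review(r))
```

Any flag means the request is confirmed using contact details from earlier correspondence, never those in the request itself.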

