BUSINESS CONTINUITY - Business Email Compromise

Updated: Apr 3

As we navigate through the unprecedented challenges created by COVID-19, renewed commitment across our global teams to set up for success and continue delivering without compromise is more important than ever before.



Many are now working from home, finding new ways to connect with colleagues and clients. This time of uncertainty is susceptible to being exploited by cybercriminals, with evidence many businesses are becoming more susceptible to fraud. As we adjust to new working conditions, reinforcing vigilance against fraud is more important than ever before to ensure we protect ourselves and our data.


Business Email Compromise (BEC) scams are particularly prevalent; a form of phishing attack aiming to compromise bank accounts by instigating a change in bank details.

Typically, these attacks are by email, but they can also occur by SMS text.

To improve the odds of businesses not falling prey to such attacks, it is important for business leaders to renew communication to their teams to be ever vigilant and continue, without exception, to use established processes and communicate any recent updates control procedures within the business.


More than ever before, now is an important time for business leaders to encourage all their staff working from home to adopt these minimum safety measure, and


• Exercise vigilance around all emails, especially requests to change bank details.


• Ensure bank account or beneficiary change requests are provided on headed paper of the beneficiary and duly signed in original form.


• Not to accept faxed details under any circumstances.


• Ensure emailed details contain verifiable proof of identity with bank details.


• Ensure any request can be authenticated via alternate channels, in a two step or three-step process, or even via a phone call from an independent and verified number.


• If independent verification is not possible, payments/change requests should be held until such time this is achieved;


In general, employees should be mindful on being pressured into releasing any payments or payment information, or any business sensitive information.