Whether we are technology geeks or not, probably most of us have at least one email address that we use regularly. What some of us may not know yet is that many dangers can come from email compromise – especially if we’re talking about business email. 

However unimportant your email information might seem to you, malicious actors value everything they can get: invoices (which usually contain names, addresses, phone numbers), scanned ids, insurances, bank account information, tax forms, order confirmations from online shops, travel itineraries and calendar, “reset your password” emails and so on. 

Things can get even more complicated if business email accounts are compromised – the consequences of a data breach can be money loss, time loss, reputation damage, fines or legal suits, maybe even dismissal or confinement. 

Let us have a look at some of the most common forms of email compromise, how you can recognize them and what you can do to keep your company safe! 

Email Compromise: Forms


Phishing can be defined as “a malicious technique used by cybercriminals to gather sensitive information (credit card data, usernames and passwords, etc.) from users. The attackers pretend to be a trustworthy entity to bait the victims into trusting them and revealing their confidential data. The data gathered through phishing can be used for financial theft, identity theft, to gain unauthorized access to the victim’s accounts or to accounts they have access to, to blackmail the victim and more.”

Most of the times, the malicious actors send phishing emails that appear to come from financial institutions, online retailers and services, social networks and government agencies, but also from colleagues, friends or family members of their victims. 


Spoofing represents “a compromise attempt during which an unauthorized individual tries to gain access to an information system by impersonating an authorized user. For example, email spoofing is when cyber attackers send phishing emails using a forged sender address. You might believe that you’re receiving an email from a trusted entity, which causes you to click on the links in the email, but the link may end up infecting your PC with malware.” 

Spear Phishing

Spear phishing is, as my colleague Vladimir notes,an email spoofing attack that targets very specific and very ‘employed’ individuals. As Aaron Ferguson noted, spear phishing attacks are directed against an employee or an organization.”

This type of attack is usually successful because “the ‘spoofer’ really does his homework. Before a spear phishing’s attempt been made, the attacker will try to gather as much info as he can about his victim: name, work address, company’s profile, position, phone numbers, emails. When he has enough info, he will dispatch a cleverly penned email to the victim.” 


Whaling represents a form of email compromise “whose objective is to collect sensitive data about a target. What’s different from phishing is that whaling goes after high-profile, famous and wealthy targets, such as celebrities, CEO’s, top-level management and other powerful or rich individuals. By using the phished information, fraudsters and cybercriminals can trick victims into revealing even more confidential or personal data or they can be extorted and suffer from financial fraud.” 

Business Email Compromise

Whaling can be considered a form of business email compromise (BEC) – a social engineering attack in which hackers pose as the CEO of the company where their victims work or another authority figure and ask for money or access to sensitive data. 

As my colleague Miriam explained, business email compromise attack work because like all social engineering attacks, they rely on the human factor in order to be successful. This means that the innate human tendency to be a social creature is what is exploited here. Because people have an innate desire to be helpful and to prove one’s usefulness, they are likely to fall victims to BEC attacks. The desire to say ‘yes’ to a request overrides the desire to double-check if everything is in order with that request in the first place.” 

email compromise - bec timeline


Malicious Links

Another form of email compromise is represented by the use of malicious links – to various ends. Hackers can send emails with malicious links to spread ransomware, viruses, trojans, any type of malware to compromise a machine or a network or even to persuade victims to provide confidential information on fake websites. 

Email Compromise: Clues

Email compromise comes in many forms, but the clues that your email was hacked are pretty similar in most cases: 

  • You’re warned that your password is incorrect. If this happened and you don’t remember changing it recently, it’s clear that a malicious actor got access to your email. 
  • You get unexpected password reset emails. This is another clear sign that someone has been trying to get access to your email account. Pay attention to secondary email addresses, since this is where this kind of emails are usually sent. 
  • You notice unusual IP addresses, devices or browsers in your login activity and the locations where your accounts have been accessed from. 
  • You notice suspicious or unknown emails in the sent folder.  Some hackers might just want to get access to your email to be able to send spam or continuously hunt for information, not necessarily for locking you out of it. 

When it comes to actually spotting a “phishy” email, Microsoft suggests looking at the urgency of the request in the email: 

Very frequently, phishing campaigns will have urgency built into the request and promise dire consequences if you don’t act promptly – something along the lines of “confirm your credentials or your account will be turned off.”

Look at whether the request is atypical for the sender. Is it asking for personal or confidential information over email, a request that you ordinarily don’t receive? Is it asking to change the designated account for receiving wire payments? Any of these out-of-the-ordinary requests should be a red flag for the recipient. 

Other clues: 

  • slight (or serious) errors or differences in the sender’s email address
  • misspellings and/or grammatical errors
  • unusual or inappropriate language or tone.
  • high-level executives asking for strange information. 
  • confidentiality requests.  

Email Compromise: Examples 

Email compromise attack examples are, unfortunately, countless – I will only mention a few:  

  • In 2018, the non-profit organization Save the Children was hit by BEC attacks and lost about 1 million dollars. What happened? An organization’s employee account was compromised and received fraudulent invoices and documents that seemed to be linked to an Asian project.  
  • In the same year, the French cinema company Pathé lost 19 million euros due to a BEC attack in which the CEO of the company was impersonated by a hacker. 
  • In 2019, the Japanese supplier of auto parts Toyota Boshoku Corporation fell victim to a 37 million dollars BEC scam. What happened? An executive in the company’s financial department was tricked into making a wire transfer. 
  • Last year, the Western world was taken by storm by hackers using a Corona Virus phishing scheme. The scheme included fake CDC alerts, advice emails from fake Wuhan medical authorities and Emotet payloads. 

email compromise - coronavirus phishing campaign

Source: Bleeping Computer 

You can find more details about the 2020 Corona Virus phishing attacks in the article of my colleague, Miriam

Email Compromise: Precautions

As you have seen, email compromise is a serious, dangerous and always lurking threat. Luckily, there are various things you can do to avoid becoming a victim

  • Use social media carefully. As FBI notes, “by openly sharing things like pet names, schools you attended, links to family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.” 
  • Don’t click on any link that you find in unsolicited emails and never open an email attachment from someone you don’t know. 
  • Always check the email address, URLs and the spelling in the messages you receive, especially in the case of those who seem “urgent”. 
  • When payment procedures are involved, always verify them in person, if possible, or by calling the email sender to make sure they’re legitimate. 
  • Make sure you use strong, unique passwords for your accounts and always use multi-factor authentication where possible. 
  • Use email security software. For this part, you can try our very own Heimdal™ Email Security and Heimdal™ Email Fraud Prevention

Heimdal™ Email Security can stop malware, malicious links and prevent phishing and ransomware. It offers server-based email protection: this means it scans the emails before they get to your device and before they ever reach your inbox. Everything happens in the cloud, at the server level. Our email security solution can also help you prevent spreading spam from inside your network to other users. 

Heimdal™ Email Fraud Prevention can detect CEO and financial mail fraud, spot Insider Business Email Compromise, discover imposter threats, but also advance malware emails. 

It uses 125 detection vectors to keep your email safe. The most important are: phraseology changes, IBAN / account number scanning, attachment modification, link execution and scanning, man-in-the-email detection. 

Heimdal™ Email Fraud Prevention is actually able to learn the senders’ communication patterns, in order to detect the smallest modifications. Both you as a user and the IT administrator will be notified when a fraudulent email enters your inbox. Moreover, a team of experts would be there for you 24 hours / 7 days a week, to analyze possibly dangerous isolated emails in order to avoid false positives. 

Heimdal Official Logo
Email communications are the first entry point into an organization’s systems.

Heimdal™ Email Fraud Prevention

Is the next-level mail protection system which secures all your incoming and outgoing comunications.
  • Deep content scanning for attachments and links;
  • Phishing, spear phishing and man-in-the-email attacks;
  • Advanced spam filters to protect against sophisticated attacks;
  • Fraud prevention system against Business Email Compromise;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

  • Train your employees. The training should be done regularly and it should include information about the various types of email compromise, how it can be recognized, what to do to avoid it and how it should be reported. 

More information on what to do next and how to report email fraud can be found in some of our previous articles. 

Email Compromise: Wrapping Up

Malicious actors can obtain valuable data from your email and they can use it to harm devices and even networks. To avoid all the unpleasant consequences that a successful attack would bring, information and prevention are essential. 

However you choose to proceed, please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it. 

Drop a line below if you have any comments, questions or suggestions regarding the topic of email compromise  – we are all ears and can’t wait to hear your opinion!

Vendor Email Compromise (VEC) Explained

Heimdal™ Security Launches Heimdal™ Email Security, the Solution against Business Email Compromise (BEC)

Leave a Reply

Your email address will not be published. Required fields are marked *