Business Email Compromise (BEC) is a sophisticated form of cybercrime where attackers gain access to a business email account—often without the organisation’s knowledge—and use it to commit fraud or scams. Typically, this involves impersonating trusted contacts such as suppliers, executives, or partners to trick staff into transferring funds or sharing sensitive information. In New Zealand, BEC is increasingly common and can result in significant financial losses, reputational harm, and operational disruption.
How Does BEC Work?
Attackers may use various tactics to compromise business email accounts, including phishing, credential harvesting, or exploiting weak passwords. Once inside, they monitor communications to identify financial transactions or upcoming payments. They then send convincing emails—often appearing to come from a known contact—requesting urgent payments or changes to bank account details. Because these emails are so convincing, even vigilant staff can be deceived.
Real-World Impact in New Zealand
- Significant Losses: In the last quarter of 2024 alone, New Zealanders lost $6.8 million to cybercrime, with BEC scams contributing to many high-value incidents.
- Business Disruption: Nearly 60% of NZ businesses experienced a cyber-attack in 2024, with 43% of incidents originating from email phishing—the primary vector for BEC.
- Legal and Reputational Risks: Recent New Zealand legal cases have shown that businesses can be held liable if they fail to take reasonable precautions against BEC, especially when dealing with the public.
Why is BEC a Growing Threat?
- Sophistication: Attackers invest time to study business processes and relationships, making their fraudulent requests highly believable.
- Financial Motivation: The potential payoff for cybercriminals is high, with some scams resulting in losses of tens or even hundreds of thousands of dollars per incident.
- Underreporting: Many incidents go unreported, meaning the true scale of the problem is likely much larger than official figures suggest.
Analysing Business Email Compromise (BEC) Tactics
How Silicon Protects Your Business from BEC
At Silicon, we understand the evolving threat landscape and offer comprehensive solutions to help NZ businesses defend against BEC and other cyber risks:
- Advanced Threat Protection
Our AI-driven, real-time threat detection and response platform identifies and neutralises suspicious activity across all major threat vectors, including email.
Behavioural analytics spot and stop even the most sophisticated BEC attempts, including fileless and zero-day attacks.
- Enhanced Email Security
We provide enhanced protection for Office 365 and other email platforms, blocking phishing, malware, and impersonation attempts before they reach your staff.
Dynamic analysis of URLs and attachments prevents users from falling victim to malicious links or files.
- Multi-Factor Authentication (MFA) and Strong Password Policies
Silicon implements MFA and enforces strong, unique passwords to make it much harder for attackers to gain access to your email accounts.
- Security Awareness Training
Our tailored training programmes educate your staff to recognise and respond to BEC and phishing attempts, dramatically reducing the risk of human error.
- Incident Response and Business Continuity
In the event of a breach, our rapid response team acts immediately to secure your systems, investigate the incident, and help you recover quickly.
Regular backups and business continuity planning ensure your data and operations remain protected and resilient.
- Legal and Compliance Guidance
We help you understand your obligations under NZ law and implement best practices to minimise liability and protect your reputation.
Take Action: Partner with Silicon
BEC is a real and growing threat to New Zealand businesses of all sizes. With financial losses on the rise and attackers becoming ever more sophisticated, it’s never been more important to take proactive steps to secure your business. Silicon’s award-winning IT management and cybersecurity services provide the protection, expertise, and peace of mind you need to thrive in today’s digital world.
Contact us today to learn how we can help safeguard your business from Business Email Compromise and other cyber threats.
Sources:
https://www.cert.govt.nz/Quarter One Cyber Security Insights 2024
https://www.ownyouronline.govt.nz/news-and-alerts/businesses-losing-big-money-to-cybercriminals/
https://www.microsoft.com/en-nz/security/business/security-101/what-is-business-email-compromise-bec
Let's Chat!
Drop us a line and we will contact you to discuss how Silicon can help you elevate your IT operations and transform your business.
(We promise no pushy salespeople, just a friendly team who are passionate about helping businesses like yours thrive.)