Last updated: 8 March 2021
At HSBC, we’re committed to online security and helping you protect your business against fraud and theft. One of the ways we do this is by keeping you informed of emerging trends and threats among cybercriminals and fraudsters.
Business email compromise can happen when a fraudster sends an email to your company impersonating a contractor, supplier, creditor or even someone in your senior management. For example, the payments team may receive:
An email appearing to be from the CEO asking that an urgent payment be made. This is often accompanied by a request for secrecy, directing the recipient not to discuss the matter with anyone else.
An email from a supplier advising that their account numbers have changed and instructing all future payments be sent to the new account.
Since the sender's email may closely match a known address, this type of fraud often goes unnoticed until it’s too late. Cybercriminals may even hack into a real email account, making fraudulent requests hard to identify.
Start by making your payments team and/or relevant staff aware of this type of fraud so they can be on the look out for it.
We also recommend that you:
Implement a two-step payment verification process
Before processing payment requests, conduct a non-email check with the person who has sent the payment request to verify that the request is genuine (e.g., phone, instant message).
If you suspect you’ve been a victim of a business email compromise fraud, please contact your local HSBCnet Support Centre immediately.
Learn what else you can do to protect yourself online with our online security guides and tips.