Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Prices leak for every Pixel 10 phone

    July 31, 2025

    Why AI researchers are getting paid like NBA All-Stars

    July 31, 2025

    This Smart Basketball Tracks Data About Every Shot. It Could Be Headed to the NBA

    July 31, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » How to Spot a Business Email Compromise Scam
    Security

    How to Spot a Business Email Compromise Scam

    News RoomBy News RoomJuly 19, 20243 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    So this is the first step: Take control of your emotions. Yes, it can be difficult if you work in a demanding field. But it’s your best first defense, and your employer will thank you for it (or, at least, they should).

    Always Confirm Through a Second Channel

    Now that you’re skeptically questioning the legitimacy of the urgent request, check to make sure the email is coming from the person it claims to be from. The best way to do this is to ask—just be careful.

    “If you received an email like this, it’s important to pick up the phone and call the number you know to be legitimate,” says Larson, adding a caveat. “Do not rely on a phone number in the email itself—it will be owned by the threat actor.”

    This is a crucial point: Any contact information in the email itself is likely compromised, and sometimes cleverly so. Use the phone number you’ve already saved in your phone for the person in question, or look up the phone number on an official website or in an official company directory. This applies even if the number in the email looks correct, because some scammers will go through the trouble of getting a phone number that’s similar to that of the person they’re impersonating, all on the hopes that you’ll call that number instead of the real one.

    “I’ve seen phone numbers off two digits from the actual phone number,” says Tokazowski.

    Call the person who supposedly emailed you—using a number you are 100 percent sure is real—and confirm the request is authentic. You could also use some other secure communication channel like Slack or Microsoft Teams, or, if they’re in the office, just ask them face to face. The point is to confirm any urgent request somewhere outside of the initial email. And even if the person is your boss or some other bigwig, do not worry about wasting their time.

    “The person that is being impersonated would so much rather have someone take the time to confirm than to lose thousands or a million dollars in a malicious transaction,” says Larson.

    Check the Email Address

    Getting in touch with the supposed sender isn’t always an option. If not, there are a few tricks you can use to spot whether an email is real or fake. The first: check the email address and make sure it’s from the company domain.

    “Always check the domains that you’re receiving emails from,” says Larson. Sometimes this will be obvious; your CEO likely isn’t emailing you from a Gmail account, for example. Sometimes it will be more subtle—fraudsters have been known to purchase domains that look similar to that of the company they’re attempting to defraud, all in the hopes of appearing legitimate.

    It’s also worth checking to see if the email signature matches the address the email is coming from. “If you look in the footer, they’ll use the actual domain of the company to make it look legitimate, but that won’t match the email address,” says Larson. Just keep in mind that the difference might be subtle. “Look-alike domains are very common: Someone will do a slight variation, like an ‘l’ instead of an ‘i’, to make it look legitimate.” One way to test that, if you’re suspicious, is to copy and paste the domain half of the address into a browser. If you don’t get a website, you’re probably dealing with a fake.

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleGoogle’s shortened links will stop working next year
    Next Article The Bold Bose SoundLink Max Is Our New Favorite Outdoor Speaker

    Related Posts

    Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage

    July 29, 2025

    DHS Faces New Pressure Over DNA Taken From Immigrant Children

    July 25, 2025

    At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds

    July 24, 2025

    China’s Salt Typhoon Hackers Breached the US National Guard for Nearly a Year

    July 23, 2025

    How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies

    July 21, 2025

    Hackers Are Finding New Ways to Hide Malware in DNS Records

    July 19, 2025
    Our Picks

    Why AI researchers are getting paid like NBA All-Stars

    July 31, 2025

    This Smart Basketball Tracks Data About Every Shot. It Could Be Headed to the NBA

    July 31, 2025

    Oakley Meta HSTN Limited Edition review: a polarizing choice

    July 31, 2025

    DJI’s first 360-degree camera can continuously capture 8K footage for over 100 minutes

    July 31, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    Gear

    How Apple’s New Spotlight Compares to Raycast

    By News RoomJuly 31, 2025

    There are all kinds of actions included out of the box. You can add calendar…

    Uber Eats is adding AI to menus, food photos, and reviews

    July 31, 2025

    Hey Microsoft, is it “Xbox PC” or “Xbox on PC”?

    July 31, 2025

    15% Off Theragun Promo Code for August 2025

    July 31, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.