Business email compromise is the second most expensive cybercrime — expert explains how hackers impersonate bosses and what companies can do to protect themselves
Cybercriminals are constantly searching for more effective attack methods. While cyber-aware employees can spot the red flags in basic, award-promising email scams, most won’t think twice about clicking on a link sent by their boss. Vakaris Noreika, a cybersecurity expert at NordStellar, a threat management platform, explains how hackers exploit employee trust in their colleagues to infiltrate business networks and inflict multi-million dollar damage.
Business email compromise is a sophisticated social engineering attack meant to deceive victims by impersonating trusted individuals — their colleagues. Unlike traditional phishing scams, these attacks are highly targeted and personalized, relying on broader research about the company, its employees, and even conversations within the organization.
According to the FBI Internet Crime Report, business email compromise was the second most expensive cybercrime by reported losses, which amounted to over $2.7 billion. It has held this position for three consecutive years, and the reported losses have not dropped below the $2.7 billion mark.
Noreika explains that business email compromise attacks are financially devastating because they provide a direct entry point to infiltrate a company’s network by targeting employees.
“From a technical standpoint, business email compromise is a very effective attack because it doesn’t require the use of malware, which makes them easier to deploy and they can go undetected by standard cybersecurity tools,” says Noreika. “They’re a more sophisticated version of common phishing scams. However, the reason for their efficiency lies in the target — a single compromised account is enough for cybercriminals to access internal networks or gather more information and prepare to strike when the opportunity arises.”
How do they work?
According to Noreika, cybercriminals typically carry out business email compromise attacks using data available online: they research the company, its departments, and its employees using platforms like LinkedIn. Afterward, they create look-alike domains to impersonate authority figures in the company, such as managers, and craft convincing emails asking for credentials, sensitive data, or wire transfers.
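On the receiving side, the look-alike domains described above can be flagged by comparing each sender domain against the organization's own. The following is an added example, not code from the article or from NordStellar; the trusted domain, the substitution table, and the distance threshold are assumptions chosen for illustration.

```python
import unicodedata

# Constructed value for illustration; replace with the organization's own domains.
TRUSTED_DOMAINS = {"example-corp.com"}
# Common character substitutions seen in look-alike domains (not exhaustive;
# cross-script homoglyphs such as Cyrillic letters are not covered here).
SINGLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
MULTI = (("rn", "m"), ("vv", "w"))

def skeleton(domain):
    """Fold a domain to a comparison form that erases common visual tricks."""
    text = unicodedata.normalize("NFKD", domain.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = text.translate(SINGLE)
    for fake, real in MULTI:
        text = text.replace(fake, real)
    return text

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, matched trusted domain or None) for a From address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    folded = skeleton(domain)
    for good in trusted:
        target = skeleton(good)
        brand = target.split(".")[0]
        # Flag near-misses and domains that embed the trusted name.
        if brand in folded or edit_distance(folded, target) <= max_distance:
            return ("lookalike", good)
    return ("external", None)
```

A "lookalike" verdict is a reason to hold the message for review or add a warning banner, not proof of fraud; short trusted domains need a lower `max_distance` to avoid false positives.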
“Attacks that utilize data available online are more standard, resembling basic social engineering scams. However, since they’re targeting companies — not individuals — they usually carry the potential of more significant monetary gain for cybercriminals. Even without gaining access to the network, hackers can trick employees into transferring company funds to their controlled accounts, get their hands on confidential data that they can sell to competitors or publish on the dark web, or gather sensitive personal information on employees or clients, resulting in a data leak,” says Noreika.
He explains that in more advanced cases, cybercriminals utilize the dark web to search for previously leaked employee credentials and use them to access business accounts. Once they have access, they monitor daily conversations, gather more context, and wait for the right time to strike — once the stakes are high or the target is more likely to fall for their scam.
“If they manage to infiltrate an account to collect intelligence, hackers could be waiting for the perfect opportunity to request a wire transfer by impersonating a vendor or re-direct employee salary payments. However, business email compromises are often a gateway to deploy more damaging attacks,” explains Noreika. “Once inside the network, cybercriminals can facilitate a ransomware attack, spread malware to employees, clients, and partners, and deploy supply chain attacks.”
Prevention and defense
Noreika emphasizes that the first step companies should take to safeguard against business email compromise attacks is to build a comprehensive security strategy and raise employee cybersecurity awareness.
“Even the most cyber-aware user can fall victim to business email compromise attacks because they exploit the added layer of trust that comes with impersonating a person of authority in the organization. As a result, businesses should educate their employees on this specific type of attack — what constitutes suspicious activity and how to adopt a better-safe-than-sorry approach,” says Noreika. “Reinforcing policy and procedures requiring written documentation and dual approvals where sensitive data or wire transfers are involved also help to reduce the possibility of employees falling victim to scams.”
Noreika advises companies to monitor the dark web for potential employee data leaks to prevent cybercriminals from infiltrating the network using leaked or stolen credentials. He explains that adopting a proactive approach enables companies to receive an early warning and deploy swifter mitigation measures.
“The quicker security teams can spot a cybersecurity incident, the less damage it can cause. Once the organization is aware of any leaked credentials associated with its employees, it can take appropriate actions, such as preparing for a potential data breach and informing the affected users to stay on high alert,” says Noreika.
If employee credentials have been compromised and published on the dark web, Noreika advises companies to monitor the affected users for suspicious activity, such as unusual log-in attempts. Enforcing multi-factor authentication and resetting the passwords of compromised users can also prevent hackers from infiltrating the network.
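One way to monitor affected users for unusual log-in attempts, shown as an added example that is not code from the article or from NordStellar. The record layout, the watchlist, the country-based baseline, and the burst threshold are all assumptions, and the sign-in events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records: (timestamp, user, source country, result).
EVENTS = [
    ("2025-06-01T08:02:00", "a.jones", "CA", "success"),
    ("2025-06-03T08:05:00", "a.jones", "CA", "success"),
    ("2025-06-16T02:10:00", "a.jones", "NL", "failure"),
    ("2025-06-16T02:11:00", "a.jones", "NL", "failure"),
    ("2025-06-16T02:12:00", "a.jones", "NL", "failure"),
    ("2025-06-16T02:15:00", "a.jones", "NL", "success"),
    ("2025-06-16T09:00:00", "a.jones", "CA", "success"),
    ("2025-06-16T09:30:00", "b.smith", "US", "success"),
]
# Users whose credentials were found in a leak, with the time the leak was noticed.
WATCHLIST = {"a.jones": "2025-06-15T00:00:00"}

def review_signins(events, watchlist, burst=3, window=timedelta(minutes=10)):
    """Return (timestamp, user, reason) alerts for watchlisted users."""
    baseline = defaultdict(set)         # countries seen before the leak
    recent_failures = defaultdict(list)
    alerts = []
    for ts, user, country, result in sorted(events):
        if user not in watchlist:
            continue
        when = datetime.fromisoformat(ts)
        if when < datetime.fromisoformat(watchlist[user]):
            if result == "success":
                baseline[user].add(country)
            continue
        if result == "failure":
            fails = [t for t in recent_failures[user] if when - t <= window]
            fails.append(when)
            recent_failures[user] = fails
            if len(fails) == burst:     # alert once when the threshold is reached
                alerts.append((ts, user, "failure_burst"))
        elif country not in baseline[user]:
            alerts.append((ts, user, "new_country"))
    return alerts
```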
ABOUT NORDSTELLAR
NordStellar is a next-generation threat exposure management platform that enables companies to detect and respond to cyber threats before they escalate. NordStellar offers visibility into how threat actors work and what they do with compromised data. NordStellar was created by Nord Security, a globally recognized company behind one of the world’s most popular digital privacy tools, NordVPN. For more information, visit nordstellar.com.
CIBC Foundation and TELUS Friendly Future Foundation announce landmark $2 million partnership
Posted in Commentary with tags Telus on July 2, 2025 by itnerd
The CIBC Foundation and the TELUS Friendly Future Foundation announced a transformative $2 million partnership to launch the TELUS Momentum Student Bursary, powered by CIBC Foundation. With each Foundation contributing $1 million, this multi-year partnership will fuel momentum for up to 500 young changemakers from the Black community, helping them accelerate their ambitions and impact across the globe.
The TELUS Momentum Student Bursary, powered by CIBC Foundation, will unlock access to education and career pathways for young Black leaders, whose talents and community leadership are critical for helping solve pressing social issues. Bursaries are awarded to students who are facing financial barriers and are committed to making a difference in their communities. Recipients will also benefit from comprehensive support, including TELUS’ Mobility for Good and Internet for Good programs, access to the CIBC Best Student Life Bundle and CIBC Smart Planner, which can help create healthier financial habits, free mental health support from TELUS Health, as well as career learning opportunities enabled by TELUS.
Since the launch of the TELUS Student Bursary in 2023, the TELUS Friendly Future Foundation has already provided bursaries to more than 1000 students across nine provinces and 93 different schools, with more than 50 percent awarded to first-generation post-secondary students. With applications already received for the 2025/26 academic year, this partnership with CIBC Foundation will enable more students to receive bursary support starting Fall 2025.
For more information about the TELUS Student Bursary program and how you can support the next generation of Canadian leaders, visit friendlyfuture.com/bursary.