
Business Email Compromise


CYBERCRIME includes Business Email Compromise (BEC), which can be defined as “a criminal act where criminals illegally access an email account and communicate as if they are the user”. They do this by stealing account holders’ usernames and passwords, typically through phishing or other means of tricking users into disclosing their details. They then use the compromised credentials to access and operate the user’s email account.

Indications of a possible compromised email address include:

Complaints about spam being sent from your email address.

Emails are not being received.

Missing emails.

Receiving large numbers of undeliverable or bounce messages for emails you did not send.

Not being able to log into your email account.

Seeing unknown emails in your Sent Items folder.


Make sure your device (laptop, mobile phone, tablet) has the most up-to-date Operating System updates and antivirus/anti-malware software.

Depending on the extent to which your account was abused, you may have to contact all email recipients who were spammed by your hacked mailbox to advise them that these communications were not legitimate.

Set up several email addresses. Use your original email address for personal or business communication as you’d normally do and use an alternative email address to communicate with your service provider, since many now ask for a different address for added protection. Then, use yet another email address for registering for websites, newsletters, online shopping and other services. In this way, the risk of a possible compromise is spread.

Use a different, strong password for each account – one that is at least six characters long and combines letters, numbers and upper-case/lower-case characters.

Using a secure device, log into your email and check whether any of the settings have been changed. Altered settings could indicate that your email account has been hacked, so if you find any settings you did not change, remove them immediately.

Once you have changed the settings, create a new password, and add your secondary email account as your alternative address.

Never list your main email address publicly anywhere online – in forums, in online advertisements, on blogs, social media or any place where it can be harvested by spammers. Use a separate email address for the internet which is not linked to your personal or business email account.

Do not use public computers to check email; there is virtually no way to know if they have been accidentally infected with malware or have had keylogging spyware installed intentionally.

Social Engineering


Social engineering exploits human psychology and is a form of manipulation used by criminals to obtain personal or confidential information from an unsuspecting victim. Criminals know that the weakest link in the security chain is a human; they will pose as a technical support engineer or bank staff and exploit the victim’s inclination to trust. The victim then willingly divulges any information the criminal requests. In other cases, the criminal, purporting to be a technical support engineer, guides the victim through several steps to “fix” something on their computer. The victim then unwittingly installs malware, which sends their personal or confidential information back to the criminal.


Keep your software up to date, using the latest security patches available.

Ensure that you have the latest anti-virus software applications installed on your computer.

Do not give control of your computer to a third party who calls you unexpectedly.

Do not rely on call line identification (CID) alone to authenticate a caller. Criminals spoof CID numbers. They may appear to be calling from a legitimate company or a local number, even when they are not in the same country as you.

Never provide your password, credit card or other financial information to someone who calls and claims to be from a tech-support company.

If you are concerned about your computer, call a reputable security software company directly and ask for help.

Never respond to emails appearing to be from your bank that request your personal details. No bank will ever ask you to confirm or update your account details via email.

Do not click on links or icons in unsolicited email.

Never provide your online ID, password, or PIN to anyone.

Change your PIN and passwords frequently.

Place sensible transaction limits on your accounts.

As always, be sure to join us next week as we continue with the next edition to enhance your knowledge on fraud. Please share your comments and thoughts with us via Email: Mirriam.Zimba@baz.co.zm
