Shielding Small Businesses from Business Email Compromise

BEC - Business Email Compromise

Business email accounts are some of the most critical components in day-to-day operations for any business. They typically store confidential data related to billing, financial transactions, and maintain extensive & confidential contact lists. This intellectual property is the life blood of your business in many cases. Of course, this is what makes it attractive to cybercriminals. If they manage to get access to your business email, it can be exploited by in several ways, including sending deceptive emails masquerading as your key employees, with the goal of tricking your contacts into sharing personal and financial information, or making payments to fraudulent accounts instead of yours.


Common Tactics

Some information and real-world examples are provided at Also, versions of these scenarios that happened to real victims. All of the messages below were fake. And in each case, thousands—or even hundreds of thousands—of dollars were sent to criminals instead.

  • A vendor your company deals with regularly sends an invoice with an updated mailing address.
  • A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.
  • A homebuyer receives a message from his title company with instructions on how to wire his down payment.


BEC attacks can be financially devastating and irreparably damage a business’s reputation. Small businesses are often more appealing targets because they may have less robust cybersecurity measures in place. Managed Service Providers play a crucial role in helping small businesses protect themselves against cyber threats like BEC, which is by far the most common. They provide expertise, resources, and tools that small businesses may not have access to on their own. Here at Carmichael Consulting Solutions, we employ the Huntress MDR software to help shield our clients from attacks. 


What is Huntress MDR?

Huntress Managed Detection & Response (MDR) is a fully comprehensive cybersecurity solution designed to detect and respond to advanced threats. It goes beyond traditional antivirus software and firewall protection by actively hunting for (and isolating) threats within an organization’s environment. Huntress will proactively safeguard and defend your business using a variety of tactics including:

  • Email Account Monitoring: Huntress MDR will actively monitor email accounts for signs of compromise, like suspicious login activity or unusual email senders. This early detection can prevent attackers from operating undetected for extended periods.
  • Behavioral Analysis: The platform employs behavioral analysis to identify irregularities in email communication patterns. This can help uncover impersonation attempts, which are extremely common in BEC attacks.
  • Alerts and Notifications: When a potential threat is detected, Huntress MDR will generate alerts and send notifications to Carmichael, allowing us to take immediate action to mitigate the risk.
  • Incident Response: Huntress MDR provides tools and guidance for effective incident response, helping us and our clients contain and neutralize threats before they escalate.


A great informational video from Huntress about their MDR software is linked here.


Business Email Compromise is a serious threat that can have devastating consequences for small businesses. By partnering with an MSP that uses Huntress MDR, small businesses can enhance their cybersecurity posture, reduce the risk of falling victim to BEC, and safeguard their sensitive data and financial assets. In this era of ever-evolving cyber threats, proactive measures like this are essential to protect the future of small businesses, and their integrity.

Share This :