Peak vacation season Business Email Compromise caution from BSI

July 28, 2020

The cybersecurity and information resilience team at BSI is advising organizations to remain alert to an increase in Business Email Compromise (BEC) attacks during the peak vacation season. A recent report revealed that almost half of organizations have at least one compromised account, underscoring the importance of having proper email security governance and controls in place.

It is estimated that between 2016 and 2019, BEC attacks caused financial losses of $26.8 billion internationally. In the US, the FBI anticipates a rise in Business Email Compromise schemes related to the COVID-19 pandemic. With 96 percent of data breaches starting with an email, organizations need to implement robust email security solutions that can detect and stop email threats to maintain their information resilience.

Stephen Bowes, Global Practice Director for Information and Security Technologies at BSI, explains: “Many organizations are in a vulnerable position as remote working continues and annual leave peaks. Attackers are using this opportunity to try and impersonate an employee’s colleague or senior executive to gain sensitive company information. With email phishing, an attacker relies heavily on social engineering tactics to identify HVTs (High Value Targets) and they can be anyone in an organization, from the accountant, or HR executive, to a high-profile individual such as the CEO. The current threat landscape shows that cyber criminals are targeting individuals, not infrastructure, making it vital for organizations to take a people-centric approach right now.”

“Working with our clients and analyzing both the industry and recent incidents, securing your email is one of, if not the single most important step, that organizations need to consider. Doing so will mitigate most inbound attacks and reduce an organization’s surface attack area. I would also encourage businesses to implement an awareness and training program so that users can learn to spot and report malicious emails.”

The increase in social engineering means that everyone needs to be mindful of what is posted on social media too. The recent Twitter hack is a prime example of how compromised accounts can be used for financial gain. Joe Pierini, Head of Testing for the US, warns, “This time it was for bitcoins, but the next attack could be to influence a stock price or even an election.”

The Consulting Services team at BSI provides a range of solutions to help organizations address challenges in cybersecurity, information management, and privacy, security awareness and compliance. For more information visit




Notes to Editor:

BEC = an email scam that targets specific people, including VAPs (“Very Attacked People”), in an organization to steal money, data, or other confidential employee information.

Phishing = the fraudulent practice of sending emails impersonating a reputable business to gain personal information, such as passwords and credit card numbers.

Smishing = the fraudulent practice of sending text messages pretending to be a reputable source to gain personal information, such as passwords or credit card numbers.

Vishing = the fraudulent practice of making phone calls or leaving voice messages impersonating a reputable organization to try to get personal information, such as bank details and credit card numbers.

Social engineering = a technique in which scammers trick people into divulging access to confidential information through a combination of manipulation and human error.


About BSI

BSI is the business improvement company that enables organizations to turn standards of best practice into habits of excellence. For over a century BSI has championed what good looks like and driven best practice in organizations around the world. Working with 84,000 clients across 193 countries, it is a truly international business with skills and experience across a number of sectors including aerospace, automotive, built environment, food, and healthcare. Through its expertise in Standards Development and Knowledge Solutions, Assurance, Regulatory Services and Consulting Services, BSI improves business performance to help clients grow sustainably, manage risk and ultimately be more resilient and trusted.

To learn more, please visit: