Cyber Security Training & Software for Companies | MetaCompliance


Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters



Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 

Financial Services

Creating A First Line Of Defence For Financial Service Organisations


A Go-To Security Awareness Solution For Governments


A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives



From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

MetaCompliance | Cyber Security Training & Software for Employees


With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes


Meet the MetaCompliance Leadership Team


Stay informed about cyber awareness training topics and mitigate risk in your organisation.

A Quick Guide to Business Email Compromise (BEC)

prevent scams

about the author

Share this post

Business Email Compromise (BEC), otherwise known as CEO fraud, is a type of phishing attack where a cybercriminal will impersonate a high-level Executive in order to convince an employee, customer, or vendor to transfer money to a fraudulent account or disclose sensitive information.

By compromising official email accounts, the criminals can monitor online activity and determine who has the credentials to initiate money transfers. In the majority of cases, attackers pretend to be the CEO, CFO or another C-Level Executive, and they typically combine a range of social engineering techniques to manipulate the user into action.

In recent years, there has been a steep increase in the number of Business Email Compromise attacks, and according to the latest email security risk assessment report by email management firm Mimecast, BEC attacks have increased by 80% in the last quarter alone.

Global losses due to Business Email Compromise have exceeded $12.5 billion, and victims can suffer substantial losses which has been evident in a number of recent high-profile attacks.

In March 2018, the French cinema chain Pathé fell victim to a sophisticated Business Email Compromise scam that cost them over 19 million euros.

The audacious heist was pulled off when fraudsters impersonated the CEO and convinced the Managing Director and CFO of the brand’s Dutch office to transfer the funds over a series of five consecutive money transfers.

Despite suspicions being raised, the criminals managed to make their scam seem as convincing as possible by creating emails that were almost identical to the official Pathé domain. The company lost 10% of its total earnings and both Executives were fired from their jobs.

The attack demonstrated the attention to detail that cybercriminals will use to infiltrate a company, and the far-reaching consequences that a BEC attack can have on a business.

How a Business Email Compromise scam works

How Business Email Compromise works

Unlike traditional phishing attacks which tend to target a large number of employees, BEC attacks are highly focused and targeted. Criminals will spend a lot of time researching individuals in high level corporate positions before launching an attack.

To make any correspondence seem as convincing as possible, the crooks will trawl company websites, online sources, and social media sites such as LinkedIn to gather as much information as they can about their potential victim.

As soon as they have completed their research, they will use a targeted technique such as Spear Phishing to gain access to corporate systems. Once they have access, the criminals can closely observe how financial transactions are made before launching an attack.

The criminal will then send a fake email from what appears to be the CEO requesting an urgent funds transfer from an employee within the organisation. The high-level targeting helps the email slip through spam filters, and the use of a spoofed email address adds further legitimacy to the request.

Such is the level of detail, that the criminals will often choose to launch their attack when the Senior Executive is away on business and unable to personally verify the request. If the victim has fallen for the scam, any money they’ve transferred will quickly be sent to accounts located overseas which makes it difficult to ever reclaim the stolen money.

Types of Business Email Compromise Scams

Types of Business Email Compromise scams

CEO Fraud – In this type of attack, cybercriminals will pose as the CEO or another high-level Senior Executive. Once their account has been hacked, and email address spoofed, they will send an email to an employee requesting a transfer of funds to an account they’ve specifically set up. The emails will often be flagged as a matter of urgency to discourage the employee from verifying the request or discussing it with another member of staff.

The Bogus Invoice Scheme – This particular scam is often leveraged against companies that use a lot of overseas suppliers. The business will receive an email from what appears to be one of their current suppliers asking them to change the payment destination. Any payments will then be transferred directly into the fraudsters account.

Account Compromise – This type of attack tends to be more common amongst smaller businesses where any billing is managed directly through email.  The cybercriminals will hack an employee’s email account and intercept any emails that contain an invoice. Once they have chosen their target, they will contact the vendor and inform them that there was a problem with their payment and request they resend it through to another fraudulent account they’ve set up.

Lawyer / Attorney Impersonation – In this scam, criminals will impersonate a company’s law firm and request the urgent transfer of funds to deal with a legal dispute or unpaid bill. The employee is told the matter is strictly confidential to reduce the chance of them discussing the request with anyone else. The attacks will often take place at the end of the working week to create extra pressure on the employee to act quickly.

Data theft –  This is the only BEC scam that doesn’t request a direct bank transfer. Data theft attacks occur when a cybercriminal compromises a Senior Executive’s email account and requests that sensitive corporate information is sent to them. These types of attacks tend to target HR and Finance departments and are often the precursor for a larger and more damaging cyber-attack.

Warning signs of a Business Email Compromise attack

BEC attacks

  • Large funds transfer to a recipient the company has never previously dealt with.
  • Transfers initiated near the end of the day /working week.
  • Emails that contain urgent language and are secretive in nature.
  • Small changes to an email address that mimics a legitimate business address.
  • The recipient account has no history of receiving large money transfers in the past.
  • The recipient account is a personal account instead of a registered business account.

How to Prevent Business Email Compromise Attacks

how to prevent Business Email Compromise attacks

  • Security awareness training is one of the most effective tools for fighting BEC attacks. Regular training will ensure that staff can recognise malicious emails, social engineering tactics, identify suspicious requests and follow the correct protocols for dealing with money transfers.
  • C-Level Executive training – It’s also vital that C-Level Executives receive role specific training that addresses the unique threats they face on a day to day basis.
  • Employees should question and verify all confidential requests, especially those deemed urgent by the CEO or other Senior Executives within the company.
  • Minimise the number of employees who have the authority to transfer funds.
  • Use multifactor authentication on all email accounts.
  • Implement a two-step verification process for all payments which includes a non-email check such as a telephone or verbal authentication.
  • Develop written procedures for approval of all financial transactions.
  • Send all emails through an encrypted server.
  • Do not post sensitive information on company websites or on social media.
  • Consider the use of an email banner that notifies employees if an email has come from an external source.

Employees represent the biggest threat to an organisation’s security, so it’s vital they are equipped with the necessary skills to prevent a cyber-attack. MetaLearning Fusion is the next generation of eLearning and it’s been specifically designed to provide the best possible Cyber Security and Privacy training for your staff. Organisations can build bespoke courses for their staff from an extensive library of short eLearning courses. Get in touch for further information on how MetaLearning can be used to transform Cyber Security training within your organisation.

Other Articles on Cyber Security Awareness Training You Might Find Interesting