MUKAH: Police here have urged businesses to be on high alert against Business Email Compromise (BEC), a stealthy cyber scam that quietly exploits routine corporate email to siphon funds and harvest sensitive information.
Mukah district police headquarters (IPD) said BEC is a cyberattack in which criminals impersonate a trusted individual or entity — such as a company director, supplier, or business partner — to trick victims into transferring money or revealing confidential data via corporate email.
This usually involves criminals hacking into legitimate business email accounts or creating fake addresses that look almost identical to real ones to deceive victims.
Mukah IPD illustrated how the deception often plays out — a local firm completes a shipment and emails an invoice to an overseas partner.
“Unseen, hackers who have breached the sender’s inbox monitor the exchange. When the time is right, they send a near-identical email from a look-alike address claiming “technical issues” and instruct the buyer to pay into a different bank account.
“Trusting the message, the buyer transfers the money — and only later realises the funds have vanished into a fraudulent account.
“This is how many businesses fall victim. Everything appears legitimate until the money is gone,” police said.
They added that scammers often rely on tactics such as domain or email spoofing, phishing for login credentials, psychological manipulation through social engineering, and full takeover of genuine email accounts to make their lies convincing.
Mukah IPD urged business firms to strengthen their defences by enabling two-factor authentication for email accounts, training employees to spot warning signs, verifying payment requests through secondary channels such as direct phone calls, and regularly reviewing email logs and security systems.
“Cybercriminals are constantly evolving, and their methods are becoming more sophisticated.
“A simple verification step could save a company from suffering significant financial loss,” Mukah IPD said.
Business owners are reminded that vigilance, verification, and clear communication remain the best shields against this costly and silent threat.
