Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

The business email compromise

With increased sanctions in place, a return to an old classic


How KPMG can help: Cyber Security Services

What is a business email compromise (BEC)?

A business email compromise is an e-mail-based cyber-crime in which criminals target and attempt to defraud the business, generally through wire transfer or wire diversion fraud. Commonly, attackers can use phishing techniques utilizing stolen credentials or attempt to divert or initiate a fraudulent wire transfer. In many cases, these emails will appear to come from a known-good or trusted source.

As an example, your third-party vendor ACME Co. has a domain of and you receive an email from OR They may even utilize similar looking email signatures to make these emails look more legitimate. These are attempts by the criminals to spoof a trusted source to defraud a business by giving their emails an appearance of legitimacy.

Why is BEC likely to increase?

With the increased focus around governments to monitor or block payments made with cryptocurrency as payment for ransomware cases, in addition to the volatile nature of the cryptocurrency market criminal groups could turn to BEC as more profitable cybercrime. BEC attacks commonly include other crimes like invoice fraud or other attempts to get businesses to wire money to the criminals.

What can I do to be better protected?

This can depend on your IT environment, however, a “defense in depth” approach may provide a good chance of defeating a threat actor; even if they manage to breach your systems or begin to human engineer your employees. The few steps below can help you better protect your business from being defrauded.

General leading practices

  1. Enable multi-factor authentication (MFA) throughout the environment including VPN, internet-facing applications like Exchange, and/or cloud-based email providers (e.g., Microsoft 365).
  2. Educate your employees. Train them to spot suspicious emails that contain poor grammar/broken English, contain a strong sense of urgency to pay, and/or have updated banking or contact information.
  3. Utilize a call-back verification process when setting up new payment instructions for making changes to existing payment instructions.
    • Implement the concepts of dual control & segregation of duties within departments/sections handling financial transfers.
  4. Implement a simple, streamlined process for employees to report suspicious emails (e.g., Report email button).
  5. Create a BEC response playbook.
  6. Perform brand monitoring and look for newly registered domains that are spoofing your business, brand likeness, and/or domain(s).
  7. Follow industry leading practices regarding the emailing & storage of sensitive information (e.g., HIPPA, PII, PCI).
  8. Retainer/on-call agreements with outside counsel and/or an incident response firm.
  9. Review cyber insurance policy and determine if it covers financial losses due to cyber fraud or human engineering.

Microsoft 365 leading practices

  1. Enable conditional access to help ensure specific conditions are met before granting access to a resource1.
  2. Disable legacy authentication to reduce the attack surface that BEC criminals commonly use
    *NOTE: Legacy authentication does not support MFA.
  3. Microsoft Secure Score is a tool within O365 to provide customized recommendations to help businesses harden their O365 environment.

Blog authored by: Dennis Labossiere and Corey Berman

Disclaimer: The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organization.


  1. Microsoft, “What is Conditional Access?”, (8/15/2022).
  2. Microsoft, “Blocking legacy authentication”, (8/15/2022).

Explore more

Cyber security in the new reality

Working together to respond to the challenges.

Read more

Meet our team

Image of David Nides
David Nides
Principal, Cyber Security Services, KPMG US
Image of James Arnold
James Arnold
Principal, Cyber Security, KPMG US

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.