How to Protect Your Business from Email Spoofing and Business Email Compromise
Email is still the number one way cybercriminals target small businesses.
A common method is email spoofing — where a scammer makes an email look like it’s from your boss, supplier, or even your own domain.
This often leads to Business Email Compromise (BEC) — where fraudsters trick staff into transferring money or handing over data.
📬 How spoofing works
Attackers send an email that appears to come from a trusted address
The “From” name looks genuine, but the underlying sender isn’t
Urgent or unusual requests (like “pay this invoice today”) push staff into quick action
🚨 Real-world examples
Fake invoice emails appearing to come from suppliers
HR asking for staff payslip details
Directors “authorising” urgent bank transfers
Many SMEs across the UK have lost thousands this way — often without insurance cover.
✅ How to protect your business
1. Train your staff
Help them spot red flags: urgency, odd email addresses, unusual payment requests.
2. Enable Multi-Factor Authentication (MFA)
Even if credentials are stolen, MFA can block attackers.
3. Use proper domain protections
Set up:
SPF (Sender Policy Framework)
DKIM (DomainKeys Identified Mail)
DMARC (Domain-based Message Authentication, Reporting & Conformance)
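Together, these let receiving mail servers check that an email claiming to come from your domain was really sent by you, which stops criminals sending spoofed emails from your domain.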
4. Have a process for financial requests
E.g. “Always confirm by phone before paying invoices over £X.”
👣 Practical first step
Check your domain setup. If SPF/DKIM/DMARC aren’t in place, your email is at risk.
Most SMEs aren’t aware these protections even exist — but they’re free to set up and highly effective.
Local support
I help SMEs across Newry and Mourne secure their domains, set up MFA, and train staff to spot scams — so you can work with confidence.
🟢 Want me to check if your domain is properly protected?