By Gregory Lemmon | Managing Director, UBIQUITY Ltd
Cybersecurity & Disaster Recovery Consultants to the Caribbean
Your finance manager receives what appears to be a routine email from your Managing Director.
The message is professional, urgent, and completely believable.
“Please process this payment today. I’m in meetings all afternoon, so I won’t be available by phone.”
The request isn’t unusual. The email address looks legitimate. The tone sounds exactly like your executive.
The payment is processed.
Only later does your team discover that the email never came from your Managing Director at all.
The money has already reached a criminal’s bank account.
This is Business Email Compromise (BEC), one of the fastest-growing forms of cybercrime affecting businesses worldwide. As Caribbean businesses continue to embrace digital operations, they are becoming increasingly attractive targets for these sophisticated attacks.

Business Email Compromise is a cyberattack in which criminals impersonate trusted individuals—such as company executives, suppliers, or business partners—to trick employees into transferring money or sharing sensitive information.
Unlike traditional phishing emails filled with spelling mistakes and suspicious links, modern BEC attacks are carefully researched, professionally written, and often impossible to spot at first glance.
Cybercriminals don’t rely on malware. They rely on trust.
Understanding the attack process is the first step in preventing it.
Attackers gather publicly available information from:
Within hours, they can identify:
Today’s cybercriminals often use Artificial Intelligence to speed up this research, making attacks more targeted than ever before.
The attacker may compromise an executive’s email account through phishing or simply register a lookalike domain.
For example:
yourcompany.com
becomes
yourcompany-bvi.com
At a quick glance, the difference is almost impossible to notice.
A carefully crafted email lands in your finance team’s inbox.
It requests:
The message often creates urgency while discouraging verification.
“I’m travelling today. Please handle this urgently.”
Because the request appears genuine, staff follow normal procedures.
No one realises anything is wrong until the legitimate executive asks about the payment sometimes days later.
By then, the funds have disappeared.
Many Caribbean businesses are small or medium-sized enterprises with lean finance teams and limited cybersecurity resources.
Criminals know this.
They also know that businesses often work closely with international suppliers, remote teams, and overseas banking partners, making payment requests a routine part of daily operations.
This creates the perfect environment for Business Email Compromise.
According to the FBI’s Internet Crime Report, Business Email Compromise caused more than US$2.7 billion in reported losses during 2024, making it one of the costliest forms of cybercrime globally.
For Caribbean businesses, a successful attack can result in losses ranging from US$20,000 to US$150,000, money that is often impossible to recover.
The good news is that preventing Business Email Compromise doesn’t require expensive technology.
It requires consistent security practices.
Every business email account should be protected with Multi-Factor Authentication.
Even if passwords are stolen, MFA adds an extra layer of security that prevents attackers from accessing email accounts.
Any payment above a predetermined amount should require verbal confirmation using a trusted phone number, not the contact information included in the email.
One quick phone call can prevent thousands of dollars in losses.
Technology alone cannot stop social engineering.
Employees should know how to identify:
Regular cybersecurity awareness training helps employees recognise these warning signs before they become costly mistakes.
Ask yourself these questions:
✔ Is Multi Factor Authentication enabled on every business email account?
✔ Do finance staff verify payment requests by phone?
✔ Are employees trained to recognise Business Email Compromise?
✔ Can staff identify fake email domains?
✔ Is there a documented payment approval process?
If you answered “No” to any of these questions, your business may be exposed to unnecessary risk.
At UBIQUITY Ltd, we help Caribbean businesses strengthen their cybersecurity through practical risk assessments, email security, employee awareness training, disaster recovery planning, and business continuity strategies.
If you’re unsure whether your organisation is protected against Business Email Compromise, now is the time to find out.
Book a Cybersecurity Assessment today and gain clarity on where your business may be vulnerable before attackers do.
📧 Email: glemmon@ubiquityltd.com
📞 Phone: +1 (284) 547-6754