Overview

Business email compromise can lead to fraud, unauthorized payments, data loss, or reputational damage.

Symptoms

• Users report inconsistent or failed access to the affected service, device, or application.
• Normal business or home workflows are interrupted, delayed, or no longer reliable.
• The issue may be isolated to one user or may affect multiple systems depending on the root cause.

Cause

Weak approval workflows, poor mailbox security, missing MFA, and executive impersonation are major contributors.

Resolution

Strengthen mailbox security, review payment approval policies, monitor for suspicious forwarding rules, and verify high-risk requests through secondary channels.

1. Confirm the exact symptoms and identify who or what is affected.
2. Check for recent changes such as updates, password changes, hardware swaps, DNS changes, or policy adjustments.
3. Test the most likely root cause first and document all findings clearly.
4. Apply the corrective action in the least disruptive way possible and verify the issue is fully resolved.
5. Record the final outcome, any user communication, and any recommended follow-up work.

Prevention

Use MFA everywhere, train staff on wire fraud red flags, and require out-of-band confirmation for financial requests.

When to Contact Support

If the issue continues after standard troubleshooting, affects multiple users, involves data loss risk, or raises security concerns, it should be escalated to a qualified technician promptly.