Skip to main content

The Ísland.is App

The Icelandic Police

Fraudulent Instructions

Instruction fraud, also called Business Email Compromise (BEC), often targets companies and organisations, where an employee receives an email, often appearing to be from a manager, requesting an urgent transfer of funds or a change to a payroll account. In reality, the email is from a criminal who has breached the company’s system and is sending fake emails under someone else's name. These scams are often highly sophisticated and difficult to detect.

Fraudsters tend to exploit periods of uncertainty, such as when new staff members start, during organizational changes, or during holidays.

If you haven’t already, you should contact your company’s IT department. IT managers should report the security breach to CERT-IS by email at phishing@cert.is.

Report Instruction fraud

Business Email Compromise (BEC)

Good practive to avoid Instruction fraud

  • Carefully review emails and messages requesting personal information, money transfers, or changes to payroll accounts. Check the email address, display name, payment details, and whether others have received similar messages.

  • Establish procedures to confirm payment requests and account changes through a phone call.

  • Do not succumb to pressure, and remain aware that repeated requests are often meant to push employees into making mistakes.

Check the account number

Service provider

The Icelandic Po­lice

Related material

Report cyber crime
Report online financial fraud to the police
Test your cyber security knowledge