Protect Yourself from Business Email Compromise – It Can Cost You

Cyber-enabled financial fraud is significantly on the rise. The FBI reports business email compromise (BEC) attacks cost organizations an estimated $1.77 billion in losses in 2019. Cyber attackers, typically organized crime groups, identify employee targets at companies like yours that have access to financial resources.

BEC is a fast-growing type of financial phishing scam in which cyber aggressors target companies posing as executives or company owners into transferring money or turning over confidential data. BEC attackers rely heavily on social engineering tactics to trick unsuspecting employees and executives, focusing their efforts on employees with access to organizational finances. They often impersonate the CEO or any executive authorized to do wire transfers.

They can use a combination of spear phishing emails and/or telephone calls to initiate communications with potential victims. The criminals use persuasion and pressure to manipulate and exploit human nature. Here are some tips you can use to prepare in the event of such scams:


  • Do train your staff how to spot BEC threats. Show examples and provide clear written instructions on how to respond.
  • Do verify the request to send money or provide personnel records with an executive, by phone or in person.
  • Do confirm verbally emailed instructions from a supplier or vendor of any changes to payment methods or bank information. Contact them through known channels.
  • Do carefully check the sender’s email address. Cyber aggressors may slightly vary an address by changing a letter or punctuation.
  • Do verify any request from someone involved in a transaction requesting a change to payment type or bank data. Contact them in person or by phone, not by email.


  • Don’t reply to a suspicious email. Ask to speak directly to the person claiming to be the sender.
  • Don’t click on unknown email links or unexpected attachments in a suspicious email.
  • Don’t act on a request to send money or sensitive employee information without confirming its authenticity.
  • Don’t call a phone number listed in the suspicious email. Contact the person directly through a known number to you.

The organized criminal groups that engage in business e-mail compromise scams are extremely sophisticated. If you or your company have been victimized by a BEC scam, it is important to act quickly. Contact your financial institution immediately and request they contact the financial institution where the fraudulent transfer was sent. Next, call the FBI and file a complaint —regardless of dollar loss — with the FBI’s Internet Crime Complaint Center (IC3).