-->

Protecting Your Business from Email Compromise

Resources
Resources
Security Center
Security Center
Protecting Your Business from Email Compromise
Protecting Your Business from Email Compromise

For many businesses, email is the lifeline of daily operations. But it’s also a favorite tool for cybercriminals. One of the fastest-growing threats today is Business Email Compromise (BEC)—a scam that targets companies of all sizes by exploiting trust in email communication.

Business Email Compromise happens when fraudsters use social engineering or impersonation tactics to gain access to, or convincingly spoof, a company’s email account. Their goal is simple: trick employees into sending money or sharing sensitive information. Once inside your email system, attackers monitor conversations, then jump in at the right moment to redirect payments or steal information. BEC is highly targeted, often involving research into your business, your vendors, and even your communication style—making it hard to spot.

Common Scenarios to Watch For

  • Fake Invoices: Criminals impersonate a known vendor and send a realistic invoice with new payment instructions. Funds are transferred straight into their accounts.
  • Executive Fraud: A scammer poses as a company executive, emailing an employee with an urgent request to wire money or buy gift cards.
  • Payroll Diversion: Hackers target HR or payroll, requesting that direct deposits be switched to fraudulent accounts.

How to Spot the Signs

  • Requests for payment or fund transfers that feel rushed or “out of the blue.”
  • Small but suspicious changes in sender email addresses or invoice details.
  • Sudden changes in payment instructions, especially new account numbers or banks.
  • Emails that discourage phone confirmation and stress urgency or secrecy.

What to Do If It Happens to Your Business

  • Act Immediately: Contact your bank to attempt to stop or recall the transfer.
  • Report the Incident: Notify your IT team, the FBI’s Internet Crime Complaint Center (IC3), and local law enforcement.
  • Change Credentials: Reset compromised passwords and review email forwarding rules.
  • Review and Train: Conduct a security review and ensure employees are trained to recognize and report suspicious activity.

Business Email Compromise isn’t a “big company” problem—it targets organizations of every size. Awareness and quick action are your best defenses. 

You are leaving ConnectOne Bank's Website

By continuing, you will be leaving the ConnectOne Bank website.

ConnectOne Bank is not responsible for accuracy, security, content, or services offered by other websites; we encourage you to view privacy & security disclosures of all websites you visit as they may be different than those of ConnectOne Bank.

Visit our site again soon.

Email disclaimer

Email is not a secure transmission route. Thus we ask that you never send sensitive personal information like Social Security numbers, Account numbers, Credit Card numbers or any type of password via email to ConnectOne Bank or anyone else. Please call us when submitting this information. Please click Send an Email to continue...