For many businesses, email is the lifeline of daily operations. But it’s also a favorite tool for cybercriminals. One of the fastest-growing threats today is Business Email Compromise (BEC)—a scam that targets companies of all sizes by exploiting trust in email communication.
Business Email Compromise happens when fraudsters use social engineering or impersonation tactics to gain access to, or convincingly spoof, a company’s email account. Their goal is simple: trick employees into sending money or sharing sensitive information. Once inside your email system, attackers monitor conversations, then jump in at the right moment to redirect payments or steal information. BEC is highly targeted, often involving research into your business, your vendors, and even your communication style—making it hard to spot.
Common Scenarios to Watch For
- Fake Invoices: Criminals impersonate a known vendor and send a realistic invoice with new payment instructions. Funds are transferred straight into their accounts.
- Executive Fraud: A scammer poses as a company executive, emailing an employee with an urgent request to wire money or buy gift cards.
- Payroll Diversion: Hackers target HR or payroll, requesting that direct deposits be switched to fraudulent accounts.
How to Spot the Signs
- Requests for payment or fund transfers that feel rushed or “out of the blue.”
- Small but suspicious changes in sender email addresses or invoice details.
- Sudden changes in payment instructions, especially new account numbers or banks.
- Emails that discourage phone confirmation and stress urgency or secrecy.
What to Do If It Happens to Your Business
- Act Immediately: Contact your bank to attempt to stop or recall the transfer.
- Report the Incident: Notify your IT team, the FBI’s Internet Crime Complaint Center (IC3), and local law enforcement.
- Change Credentials: Reset compromised passwords and review email forwarding rules.
- Review and Train: Conduct a security review and ensure employees are trained to recognize and report suspicious activity.
Business Email Compromise isn’t a “big company” problem—it targets organizations of every size. Awareness and quick action are your best defenses.
