📧

Business Email Compromise (BEC)

Sophisticated attacks where criminals impersonate executives or vendors to trick businesses into wire transferring funds.

$2.9B (FBI IC3 2023)
Annual losses (US)
21,000+ businesses annually
Reported victims/year
Report Now
FTC: ReportFraud.ftc.gov

🎭 How Scammers Do It: Tactics

  • Compromise or spoof executive email accounts (CEO fraud)
  • Impersonate vendors to redirect legitimate invoice payments
  • Request emergency wire transfers from finance staff
  • Use language and context obtained through reconnaissance
  • Time attacks during executive travel or out-of-office periods
  • Convince HR to redirect payroll direct deposits

🚩 Red Flags: Stop If You See These

Urgent wire transfer request from an executive or vendor
Email domain has subtle changes (ceo@company-name.com vs company.com)
Request to keep the transfer confidential from other staff
Change in vendor bank account details via email
Uncharacteristic payment amounts or urgency from known senders
Request comes when recipient is under deadline pressure

🛡️ How to Protect Yourself

1. Verify all wire transfers with a second factor (phone call to known number)
2. Implement multi-person approval for wire transfers above threshold
3. Enable DMARC, DKIM, and SPF on your company email domain
4. Verify any change in vendor banking details with a phone call
5. Train all finance staff on BEC recognition
6. Use out-of-band verification for all significant financial requests

📋 How to Report This Scam

Report immediately to FBI IC3 at ic3.gov. Contact your bank immediately to attempt wire recall.

Report to FTC → Report to FBI IC3 → Other Countries →

Related Scam Types

🎣
Phishing Email Scams
$2.9B+ in losses
💼
Fake Job Offer Scams
$367M in losses
📱
SMS Phishing (Smishing)
$330M+ in losses
← View all 20 scam types