What is business email compromise?

Business email compromise (BEC) is a constant and growing threat to businesses and organizations of all sizes and industries.

Fraudsters use phishing techniques to impersonate senior executives or outside business partners and vendors, all in an effort to deceive employees into disclosing sensitive company information or initiating fraudulent transactions.

Fraudulent BEC attempts can occur through email, text messages, or phone calls. They often appear to come from someone you know, like a supplier you work with, and at first glance they look like legitimate requests.

The FBI has referred to BEC attacks as one of the most financially damaging online crimes, calling it the “$50 billion scam” due to the approximate amount stolen from businesses between 2013 and 2022.[i] As technology evolves, new and increasingly sophisticated schemes continue to emerge, posing a growing, but not impossible, challenge to combat effectively.

Examples of business email compromise

The heart of a BEC scheme lies in impersonation – the scammer uses technology to pretend to be a known contact in order to gain the trust of the recipient. Some scammers even take it up a notch by doing research beforehand on their intended recipient in order to appear more convincing. Without fail, these scammers will have a request that involves either money or sensitive information, making BEC a frequent avenue for ACH fraud.

In these cases, the scammer will try to prompt immediate action on your part, whether it involves revealing confidential information or making some form of payment. The sense of urgency they create is a tactic to pressure you into acting hastily, before you realize that their request is nothing more than a scam.

Some common scenarios to look out for:

  • Vendor impersonation: Someone poses as a trusted vendor and sends an invoice, swapping out the vendor’s payment details with their own in order to intercept the funds.

  • Gift card schemes: An employee in your organization receives an urgent message from someone claiming to be the CEO, asking them to purchase gift cards and send the card numbers via email.

  • Wire fraud: An individual in the process of a home purchase receives an email that appears to have originated from their lender, giving new instructions on how and where to wire the down payment.

Red Flags for Business Email Compromise Fraud

Since the scammer’s goal is to trick you into believing it’s a genuine communication, it’s important to slow down and carefully consider every request before taking any action. There are several warning signs that what you’re looking at might be BEC:

  • Strange grammar mistakes with missing punctuation

  • Generic, non-personalized greetings like “Sir” or “Customer”

  • Spelling mistakes