Business Resource Center

How to Recognize Business Email Compromise Scams (BEC)

man sits at desk and uses computer
Shield with dollar sign icon
Did you know? Regular security awareness training for employees is the best defense against Business Email Compromise.

How to recognize and avoid Business Email Compromise

How can you stop BEC before it affects your organization?

  • Educate your staff. Educate all employees with any financial authority about scams like BEC. Fraud techniques are continually evolving, so security awareness training is not a one-time event. It needs to be ongoing to keep up with emerging issues.
  • Review existing procedures. Consider new policies for approving unexpected payments or wire transfers, such as requiring confirmation for the transaction through some means other than email. For example, you might require the employee to call the executive on their cell phone – to a known number, not one provided in the email asking for the transfer – before initiating the payment. Ensure company executives are on board with these policies and agree not to punish employees who refuse to make exceptions.
  • Use a code word. Establish a code word or security question that must be answered before any transfer can take place. This prevents the scammer from calling in with a spoofed number and posing as the executive. And never use the code word in an email, only over the phone.
  • Be skeptical. Train employees to be suspicious of any unplanned transfers of money, wire transfers that must happen immediately, or transactions that must be kept a secret from other executives in the organization. Legitimate business transactions can always wait for appropriate verification.

If you do get caught up in a BEC scam, immediately contact your financial institution. You can also file a report with the FBI's Internet Crime Complaint Center (IC3).5 Your bank and the FBI may be able to recover the stolen funds if you notify them immediately.

BEC is a significant threat to businesses of all sizes. Familiarize yourself and your team with the risks of business email scams and make a concerted effort to protect your organization. Then everyone will be better prepared to make good decisions to protect the company.

Important Disclosure Information

This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.

  1. Federal Bureau of Investigations, “2018 Internet Crime Report." Accessed July 31, 2019. Back
  2. Financial Crimes Enforcement Network, “FinCEN Exchange Forum Counters Business Email Compromise Scams," published July 16, 2019. Accessed July 31, 2019. Back
  3. InfoSec, "BEC Attacks: How Email Account Compromise Works," published May 10, 2018. Accessed August 1, 2019. Back
  4. Federal Bureau of Investigations, "Business E-Mail Compromise," published February 27, 2017. Accessed August 1, 2019. Back
  5. Federal Bureau of Investigation Internet Crime Complaint Center, "Filing a Complaint with the IC3." Accessed August 1, 2019. Back