Attention: You are now leaving the Wintrust website.

Business Email Compromise

Business Email Compromise

Business Email Compromise

Business Email Compromise


Business email compromise (BEC) is one of the fastest-growing email scams in the world. According to the FBI, the U.S. lost $2.9 billion to BEC from October 2013 to May 2018 as more than 41,000 Americans fell victim.

The FBI lists five primary types of BEC fraud:

1. The bogus invoice — Attackers impersonate a company’s established suppliers and request payments to an alternate, fraudulent account. 

2. CEO fraud — Scammers pose as the company’s CEO or another high-level executive and request that funds are transferred quickly.

3. Account compromise — An employee’s email account is hacked and used to request payments from multiple vendors.

4. Attorney impersonation — Criminals pretend to be lawyers or legal representatives and pressure victims into quickly and secretly transferring funds. 

5. Data theft — Attackers target victims with access to other employees’ personal information, like human resources, and use deception to access this information.

BEC scams are effective because they’re designed to mirror accounts and display names so closely that victims believe the attackers are who they say they are. Still, you can identify and prevent BEC scams by keeping an eye out for the following components:

Keywords like request, payment, transfer, and urgent

Scammers often use this language to instill a sense of urgency, which makes their victims more likely to do what they’re told without thinking it through.

Urgency and secrecy

Urgent requests—especially those encouraging you to bypass normal channels—should be treated with caution.

Conflicting or missing contact information 

Many fraudulent emails include deceptive logos, email addresses, and display names. Always double-check this information against the contact information provided and against any previous communication you have with the sender.

If you’re looking for more ways to protect your business against fraud, Wintrust Community Banks also offer Positive Pay services through our Business Community Checking and Have-It-All® Business Checking accounts*. These services allow your business to stay ahead of fraudulent checks and block unauthorized ACH debits.

And, from now until Jan. 31, 2020, we’re offering a free six-month trial of Positive Pay. Contact your banker today to sign up for your free trial or click here to learn more about our fraud prevention services.

*Entrepreneur Checking account customers will need to upgrade their account in order to obtain fraud prevention services.

Stay Connected