Business email compromise (BEC) is one of the fastest-growing email scams in the world. According to the FBI, the U.S. lost $2.9 billion to BEC from October 2013 to May 2018 as more than 41,000 Americans fell victim.
The FBI lists five primary types of BEC fraud:
1. The bogus invoice — Attackers impersonate a company’s established suppliers and request payments to an alternate, fraudulent account.
2. CEO fraud — Scammers pose as the company’s CEO or another high-level executive and request that funds are transferred quickly.
3. Account compromise — An employee’s email account is hacked and used to request payments from multiple vendors.
4. Attorney impersonation — Criminals pretend to be lawyers or legal representatives and pressure victims into quickly and secretly transferring funds.
5. Data theft — Attackers target victims with access to other employees’ personal information, like human resources, and use deception to access this information.
BEC scams are effective because they’re designed to mirror accounts and display names so closely that victims believe the attackers are who they say they are. Still, you can identify and prevent BEC scams by keeping an eye out for the following components:
Keywords like request, payment, transfer, and urgent
Scammers often use this language to instill a sense of urgency, which makes their victims more likely to do what they’re told without thinking it through.
Urgency and secrecy
Urgent requests—especially those encouraging you to bypass normal channels—should be treated with caution.
Conflicting or missing contact information
Many fraudulent emails include deceptive logos, email addresses, and display names. Always double-check this information against the contact information provided and against any previous communication you have with the sender.
If you’re looking for more ways to protect your business against fraud, click here.