Business Email Compromise (BEC) is a cybercrime scam where an imposter attempts to access critical business information or request payment in order to defraud a company. Cybercriminals send emails that appear as though it is coming from a vendor, trusted business partner, or a trusted source within the company.

BEC Examples

The following are common avenues for BEC scammers.

Account Compromise

• An employee’s email has been compromised allowing the imposter the ability to monitor their emails. Once an opportunity arises such as a request to submit payment for an invoice, the imposter will create an email address very similar to the employees, allowing them to intercept the email conversation.  The imposter will then request payment to be sent with new payment instructions.

CEO Fraud

• In this type of attack, the imposter will send emails to employees posing as the CEO or another top executive. The imposter will ask for confidential information or request a money transfer.

Data Theft

• Employees who have access to employee data are the targets, such as Human Resource staff, to then obtain sensitive data regarding employees and executives.  This information is used in future attacks.

Detecting BEC

Here are some common signs of a possible compromise.

• Unusual changes to payment instructions
• Suspicious misspellings and grammar errors
• Requests to bypass standard procedures
• An irregular sense of urgency to give information or send payment

Protecting Against BEC

Take these additional steps to help protect yourself from a possible compromise.

1. Verify payment and purchase requests in person if possible or by calling the person using a number already on file. Never call the number provided in the email message to verify the information.
2. Don’t click on anything in an unsolicited email or text message.
3. Carefully examine the email address, URL, and spelling used in the correspondence.
4. Be cautious of downloaded items and any email attachments forwarded to you.
5. Educate your employees on how to identify a BEC and what to do if there is an attack.

At FirstBank, we work diligently to keep your accounts safe and secure. For more information visit our Fraud Protection page.

“This page may contain links to external websites. These links are displayed for your convenience. FirstBank does not manage these sites and assumes no responsibility for the content, links, privacy policy, or security policy.”