3 min read

How to Avoid Business Email Compromise

How to Avoid Business Email Compromise

Private citizens aren’t the only targets of identity theft. Businesses are also facing fraud attempts, and many have fallen victim to criminals who steal hundreds of thousands of dollars. Known as business email compromise (BEC), fraudsters impersonate company executives and request wire transfers over email. While BEC is increasing, the FBI estimates this type of scam has already cost U.S. businesses more than $3.1 billion between October 2013 and May 2016.

Knowing how to spot malicious business email compromise attempts is the key to preventing criminals from receiving company funds. Here’s what you can do to avoid BEC:

  • Educate employees to spot and report scams. While not every department may be targeted by criminals, everyone can play a role in keeping your company safe from any type of fraud. The more employees know about spotting suspicious emails – and the more practice they have through regular trainings – the more they’ll be able to help you prevent attacks.
  • Do not click. Not all BEC emails look the same. Part of your employee training should include how to interact with spam emails. The simplest rule is don’t. Don’t open the email, click any links, open attachments or respond. Any of these actions could put malware onto your computer or invite more action from the criminal.
  • Watch for altered email addresses. Criminals will try to trick employees by making their emails look as similar to the actual email address as possible. This includes putting letters such as r and n together in place of an m, or a capital i in place of a lowercase l. Look carefully at the email addresses listed in any requests for financial information, passwords or funds.
  • Question suspicious requests for funds or wire transfers. Wire transfers are the primary way BEC criminals try to steal from businesses. Any time a request for a wire transfer comes through, especially when it’s not a common payment practice in your company, should be a red flag.
  • Verify all monetary requests. No matter who or where the request comes from, make sure to verify all requests for funds, payments and transfers via another form of communication. A simple phone call or walking over to your coworker’s office could save your company significantly.

Putting these practices into place can help your company avoid BEC attempts. However, if your company is targeted, remember to immediately alert your financial institution and IT department.

Christi McWilliams, CCBSO, CAFP, ABCP, CBSM

Christi McWilliams, CCBSO, CAFP, ABCP, CBSM

AVP, Security Officer - Financial Intelligence (515) 245-2876 Email Christi

Christi McWilliams is the Bank Security Officer at Bankers Trust and has more than 15 years of experience in the banking industry. She began her career at Bankers Trust in the Customer Service department, followed by several years as a Relationship Banker, Electronic Banking Specialist and Deposit Operations before joining the Financial Intelligence team in 2015. Her responsibilities include all aspects of physical security enterprise-wide, robbery prevention, and fraud monitoring. Christi is a Certified Community Bank Security Officer (CCBSO), Certified AML and Fraud Professional (CAFP), Certified Bank Security Manager (CBSM), and a Certified Associate Business Continuity Professional (ABCP). In her free time, Christi serves on the Crime Stoppers of Central Iowa Board and is the current secretary.

Have the Education Center delivered right to your inbox

Subscribe to the Education Center to stay up-to-date with the latest Education Center posts on the topics that matter to you.

Form Illustration

    Select which topics you are interested in, and we’ll send new posts directly to your email inbox: *