What is Business Email Compromise (BEC)?

Business Email Compromise (BEC), also known as "CEO Fraud" or "Email Account Compromise," is a sophisticated cybercrime that targets companies and individuals who perform wire transfers. In a BEC attack, criminals use social engineering or hacking techniques to impersonate a trusted executive, vendor, or partner. By compromising or spoofing legitimate email accounts, they deceive employees into making unauthorized transfers of funds, often to accounts controlled by the fraudsters. These scams are characterized by their careful planning and manipulation of trust, rather than by technical malware.

How to Protect Your Business

Defending against BEC requires a combination of technology, verification procedures, and employee awareness. Implement these critical steps to significantly reduce your risk:
1. Implement Strict Verification Protocols:
- Mandate Two-Step Verification: Establish a company-wide rule that all payment or account change requests must be verified through a secondary, independent channel. Never rely solely on email. Call the known phone number of the person making the request to confirm it is legitimate. Do not use any contact information provided in the suspicious email itself.
2. Strengthen Email Security & Vigilance:
- Scrutinize Email Addresses: Carefully examine the sender's full email address, not just the display name. On mobile devices, tap the display name to reveal the true, often slightly altered, email address used by scammers (e.g., ceo@company-domain.com vs. ceo@company-domain.co).
- Enable Full Email Extension Viewing: Configure company email settings to ensure the complete email address is always visible, making fraudulent addresses easier to spot.
3. Foster a Culture of Security:
- Conduct Regular Training: Educate all employees, especially those in finance and HR, on how to recognize the red flags of BEC scams.
- Encourage Reporting: Create an environment where employees feel comfortable questioning and reporting any suspicious request, even if it appears to come from authority figures.
4. Monitor and Respond:
- Audit Financial Accounts Regularly: Monitor company bank accounts daily for any irregular or unexpected transactions.
- Report Immediately: If you suspect a BEC attempt or become a victim, contact your bank immediately to try and stop the transfer, and report the incident to the appropriate law enforcement authorities.
If you are a victim of Business Email Compromise (BEC) fraud, you should immediately report the incident to your local law enforcement authorities for assistance and to file a formal report.
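
The address check described in step 2 (full sender address versus display name, and slightly altered domains) can also be run automatically on incoming mail. The following is an added example, not part of the original page; the trusted-domain list, function names, result labels and sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the organisation's genuine sending domains (constructed sample,
# reusing the illustrative address from step 2).
TRUSTED_DOMAINS = {"company-domain.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Classify a From header by its real address, not its display name."""
    display, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower()
    if not at or not domain:
        return "unparseable"
    if domain in trusted:
        # The header can still be forged or the mailbox compromised, so the
        # call-back verification from step 1 still applies.
        return "trusted-domain"
    # Near miss of a trusted domain, e.g. a dropped or swapped character.
    if any(edit_distance(domain, t) <= max_distance for t in trusted):
        return "lookalike"
    # Display name shows a trusted domain while the real sender is elsewhere.
    if any(t in display.lower() for t in trusted):
        return "display-name-spoof"
    return "external"

# Constructed sample headers.
SAMPLES = [
    "Jane CEO <ceo@company-domain.com>",
    "Jane CEO <ceo@company-domain.co>",
    '"ceo@company-domain.com" <billing@mail.example>',
    "Vendor AP <ap@vendor.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):20} {header}")
```

Messages classified as lookalike or display-name-spoof are candidates for a warning banner or quarantine; a trusted-domain result is not proof that the request is genuine.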