Business Email Compromise: What It Is and How to Prevent It


Business Email Compromise (BEC) is one of the most costly forms of cyber fraud targeting U.S. businesses. Criminals gain access to real email accounts and use that access to manipulate payments and steal funds.

In one case, a local Iowa business had its email hacked and taken over by a fraudster. The attacker changed just one letter in the business’s email domain, then sent fake invoices to several of the company’s vendors, attempting to redirect payments into the scammer’s account.

Situations like this are becoming more common. Discover how BEC works, how attackers gain access, what your business can do to stop it, and more.

Key Takeaways

1. BEC scams lead to billions in financial losses every year.
2. Criminals often access emails through phishing or credential theft.
3. Prevention requires email security, staff training, and offline verification.
4. Quick action increases the chances of recovering lost funds.

What Is Business Email Compromise (BEC)?

Business Email Compromise happens when a criminal uses a legitimate email account to trick someone into sending money. This is often a vendor payment or internal funds transfer.

The attacker may spend days or weeks monitoring the inbox before striking. They look for patterns, scheduled payments, and communication between departments or external vendors. Then they send a message that appears to come from someone the target trusts.

According to the FBI’s IC3 2023 report, Business Email Compromise is a sophisticated scam targeting both businesses and individuals, with 21,489 complaints and over $2.9 billion in reported losses, most involving unauthorized fund transfers carried out through compromised email accounts.

How Business Email Compromise Starts

Business Email Compromise does not start with a wire transfer. It begins quietly, often with a stolen login, a compromised network, or a misled employee. Attackers gain access well before they take action, using one of several common entry tactics.

Common Entry Points:

  • Phishing emails that trick someone into entering credentials

  • Network breaches where attackers capture passwords silently

  • Credential stuffing that uses data from past breaches to log in

Once a scammer is inside the account, they don’t take immediate action. They study communication habits and wait for a payment-related conversation to appear.

Tactics Used After Business Email Compromise

Once attackers gain access to an email account, they move carefully. Their goal is to avoid detection while preparing to redirect funds. These are the most common tactics:

  • Spoofed email addresses or fake domains: Scammers send messages from addresses that closely resemble a legitimate one, such as @abc-co.com instead of @abcco.com.

  • Inbox forwarding rules: They create hidden rules that automatically forward emails or move them to other folders, making it harder for the victim to notice anything unusual.

  • Urgency or last-minute changes: Messages often include phrases like “I need this paid today” or “I’m traveling and not available.” The goal is to pressure the recipient into acting without double-checking.

  • New account instructions: The scammer may claim their normal account is under audit or unavailable, then provide new payment instructions. That account belongs to the criminal.

Recognizing these tactics early is key to stopping the scam before money leaves your account.
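The lookalike-domain tactic above (for example @abc-co.com standing in for @abcco.com) can be caught mechanically before a human has to notice it. The following Python script is an added example, not code from the article or from FSB: it compares each sender's domain against the business's own domain and its known vendor domains using edit distance, and reports senders that are within a couple of character changes of a trusted domain without actually matching it. All domains and messages are constructed sample data.

```python
# Added example (not from the original article): flag sender domains that
# closely resemble, but do not match, the domains of the business and its
# known vendors. All domains and messages below are constructed sample data.

from __future__ import annotations


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                  # delete ca
                           cur[j - 1] + 1,               # insert cb
                           prev[j - 1] + (ca != cb)))    # substitute ca -> cb
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Return the lower-cased domain part of an address like 'ap@example.com'."""
    return address.strip().rsplit("@", 1)[-1].lower()


def classify_sender(address: str, known_domains: set[str], max_distance: int = 2) -> dict:
    """Classify a sender as 'known' (exact match), 'lookalike' (within
    max_distance edits of a known domain) or 'external' (unrelated domain)."""
    domain = sender_domain(address)
    if domain in known_domains:
        return {"address": address, "domain": domain, "verdict": "known", "resembles": None}
    if known_domains:
        closest = min(known_domains, key=lambda d: edit_distance(domain, d))
        distance = edit_distance(domain, closest)
        if distance <= max_distance:
            return {"address": address, "domain": domain, "verdict": "lookalike",
                    "resembles": closest, "distance": distance}
    return {"address": address, "domain": domain, "verdict": "external", "resembles": None}


def audit_messages(messages: list[dict], known_domains: set[str]) -> list[dict]:
    """Return one finding per message whose sender is not a known domain.
    Lookalikes are the BEC signal; plain external senders are listed so an
    'external sender' banner can be applied to them."""
    findings = []
    for msg in messages:
        result = classify_sender(msg["from"], known_domains)
        if result["verdict"] != "known":
            result["subject"] = msg["subject"]
            findings.append(result)
    return findings


# Constructed sample data: the business's own domain plus two vendors.
KNOWN_DOMAINS = {"abcco.com", "acmesupply.com", "midwestprint.com"}

# Constructed sample messages: one internal, two lookalikes, one unrelated.
SAMPLE_MESSAGES = [
    {"from": "ap@abcco.com", "subject": "Weekly AP batch"},
    {"from": "billing@abc-co.com", "subject": "Updated invoice - pay today"},
    {"from": "ar@acmesupp1y.com", "subject": "New remittance account details"},
    {"from": "news@tradeshow-list.org", "subject": "Conference schedule"},
]

if __name__ == "__main__":
    for finding in audit_messages(SAMPLE_MESSAGES, KNOWN_DOMAINS):
        print(f"{finding['verdict']:9} {finding['address']:28} {finding.get('resembles') or ''}")
```

The distance threshold of 2 is a judgement call: large enough to catch a dropped hyphen or a digit swapped for a letter, small enough that genuinely unrelated domains are reported only as external. A lookalike verdict on a message that changes payment details is exactly the case the article says to verify by phone on a known number.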

Control Outgoing Payments with ACH Positive Pay

FSB’s ACH Positive Pay lets you review and approve debits before they post. Keep control of your payments and block unauthorized transactions.


Quick BEC Prevention Checklist

The most effective way to stop a Business Email Compromise is to prevent it from happening in the first place.

While no system is perfect, following these best practices can significantly reduce your risk of falling victim to a BEC attack:

  • Use multi-factor authentication on all email accounts. This adds a second layer of protection and makes it harder for scammers to access your inbox using stolen credentials.

  • Enable external sender alerts. A simple visual cue that highlights outside emails can help staff recognize spoofed or suspicious messages.

  • Verify all payment or banking changes offline. Call the person or business using a known phone number, not the number listed in the email.

  • Train your team regularly. Teach employees how BEC scams work, how to spot urgent or unusual requests, and what steps to take if something feels off.

  • Secure similar domain names. Register domains that closely resemble your own to reduce the risk of spoofing.

  • Limit who can send or approve payments. Role-based permissions and dual control add another layer of oversight.

These steps are not just for large corporations. Small and mid-sized businesses are frequently targeted because they may lack dedicated IT staff or formal payment protocols.

Looking to strengthen your fraud controls? Explore FSB's fraud mitigation services or contact our Treasury Management team to review your setup and identify next steps.

What to Do if You Suspect BEC

Time is critical in a BEC attack. Once funds are transferred, the chance of recovery drops fast.

If you suspect your business has been targeted, act immediately and follow these steps:

  • Call your bank immediately: If you bank with FSB, contact your relationship manager or fraud team to attempt a wire recall or freeze the transaction.

  • Report the incident to law enforcement: File a report through the FBI’s Internet Crime Complaint Center (IC3). Include all known details to support the investigation and recovery.

  • Change all passwords and remove inbox rules: Secure the compromised account by updating credentials and deleting any forwarding or filtering rules the attacker may have set up.

  • Use alternate channels for urgent communication: Switch to a secure backup email or call key contacts directly. Avoid replying within the compromised thread.

  • Work with IT to investigate the breach: Preserve email logs, system activity, and any other evidence that may help identify the source of the attack.

  • Notify internal teams and affected partners: Keep leadership, accounting, vendors, and staff informed so everyone is aligned on next steps and no further damage occurs.
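The "remove inbox rules" step, together with the hidden forwarding and folder-move rules described under Tactics, is something IT can check systematically rather than by eye. The script below is an added example, not code from the article or from FSB: it walks a list of inbox rules and reports any rule that forwards mail outside the business, files it into a folder nobody reads, or deletes it, escalating when the rule specifically targets payment-related subjects. The rule records are constructed sample data in a simple dictionary shape; a real mail system's rule export will need to be mapped onto these fields first.

```python
# Added example (not from the original article): audit a mailbox's inbox rules
# for the forwarding / hiding behaviour attackers set up after compromising an
# account. Rule records below are constructed sample data in a simple dict
# shape, not any particular mail system's export format.

from __future__ import annotations

INTERNAL_DOMAIN = "abcco.com"   # the business's own mail domain (constructed)
PAYMENT_KEYWORDS = {"invoice", "payment", "wire", "ach", "bank", "remittance"}
HIDING_FOLDERS = {"rss subscriptions", "rss feeds", "deleted items", "archive", "junk email"}


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def audit_rule(rule: dict, internal_domain: str = INTERNAL_DOMAIN) -> list[tuple[str, str]]:
    """Return (severity, reason) findings for one rule; an empty list means benign."""
    findings = []
    # 1. Auto-forwarding to an address outside the business leaks the thread.
    for addr in rule.get("forward_to", []):
        if _domain(addr) != internal_domain:
            findings.append(("high", f"forwards matching mail to external address {addr}"))
    # 2. Moving mail into a folder nobody reads hides the attacker's traffic.
    folder = (rule.get("move_to_folder") or "").lower()
    if folder in HIDING_FOLDERS:
        findings.append(("medium", f"moves matching mail to '{rule['move_to_folder']}'"))
    # 3. Deleting matching mail has the same effect.
    if rule.get("delete"):
        findings.append(("high", "deletes matching mail"))
    # 4. Marking as read only matters when combined with hiding or forwarding.
    if rule.get("mark_read") and findings:
        findings.append(("low", "also marks mail as read, so nothing shows as unread"))
    # 5. Escalate when the rule specifically targets payment-related subjects.
    hits = [k for k in rule.get("subject_contains", []) if k.lower() in PAYMENT_KEYWORDS]
    if hits and findings:
        findings.append(("high", "targets payment-related subjects: " + ", ".join(hits)))
    return findings


def audit_rules(rules: list[dict], internal_domain: str = INTERNAL_DOMAIN) -> dict[str, list]:
    """Map rule name -> findings for every rule that raised at least one finding."""
    flagged = {}
    for rule in rules:
        findings = audit_rule(rule, internal_domain)
        if findings:
            flagged[rule["name"]] = findings
    return flagged


# Constructed sample rules: one benign, two of the kind the article warns about.
SAMPLE_RULES = [
    {"name": "Newsletter cleanup", "subject_contains": ["newsletter"],
     "move_to_folder": "Newsletters"},
    {"name": "Vendor invoices", "subject_contains": ["invoice", "payment"],
     "forward_to": ["ap.backup@example-webmail.test"]},
    {"name": "Wire filter", "subject_contains": ["wire", "ACH"],
     "move_to_folder": "RSS Subscriptions", "mark_read": True},
]

if __name__ == "__main__":
    for name, findings in audit_rules(SAMPLE_RULES).items():
        print(f"Rule '{name}':")
        for severity, reason in findings:
            print(f"  [{severity}] {reason}")
```

Run this against the mailbox's exported rules as part of the "preserve evidence" step before anything is deleted: the output is both the cleanup list and a record of what the attacker configured, which the IC3 report and any recovery effort can draw on.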

Quick action not only increases the chance of recovering funds but also helps prevent additional fallout across your operations and vendor relationships.

Business Email Compromise FAQs

What is Business Email Compromise, and how does it work?

Business Email Compromise (BEC) is a type of cybercrime where criminals use a compromised or spoofed email account to trick someone into sending money.

Attackers often monitor email conversations and insert themselves at the right moment to send fake payment instructions. The emails appear legitimate, making the fraud hard to detect until the money is gone.

Who is most at risk for Business Email Compromise?

Businesses of all sizes are at risk, but small and mid-sized companies are frequent targets.

They often have fewer internal controls, limited fraud training, and rely on email for approvals and payments. Anyone handling invoices, wire transfers, or vendor payments is a potential target.

How can you tell if an email is part of a BEC scam?

Red flags include last-minute banking changes, urgent payment requests, odd phrasing, or slight changes to email addresses or domains.

Always verify payment details offline using a known phone number; never rely solely on the contact information in the questionable email.

How can my business prevent Business Email Compromise?

Use multi-factor authentication, set up external email alerts, train employees on fraud tactics, and verify payment changes by phone. Limit who can approve transactions and review email rules regularly.

For added protection, use services like ACH Positive Pay or dual control for outgoing payments.

Stay Ahead of Business Email Scams

Business Email Compromise is one of the most financially damaging threats facing businesses today, and it’s not going away. The good news is that with the right mix of awareness, tools, and response protocols, you can reduce your risk and act fast if something goes wrong.

Looking to review your current process, strengthen your defenses, or get support if something doesn’t feel right? Reach out to FSB's Treasury Management team to get started!

Cathy Ehnen - Fraud Prevention Expert at Farmers State Bank (Marion, IA)

Written by

Cathy Ehnen

Since starting at FSB in 1990, Cathy has built a wealth of experience, spending over two decades in Retail Operations before joining the Fraud Department in 2016.

She regularly attends fraud prevention seminars and maintains strong connections with local financial institutions and law enforcement. Cathy serves as FSB's first line of defense in fraud prevention and is committed to safeguarding customers and the bank.

Questions about fraud? Contact Cathy today!

Call: 319-730-6970
Email: CathyEhnen@fsbmail.net
