Learn to Detect and Avoid Business Email Compromise Scams

Fraudsters may prey on the business relationship you have with your partners and customers to steal information or for financial gain. They may target and defraud your business through email scams. Learn how to protect yourself and keep your company safe.

Notice suspicious activity on your account?
Call us at 877-448-6500 Opens your phone app..

What you need to know

Be wary of urgent or unusual requests. Always confirm an email is from a reliable source.
If a supplier emails a change request for their payment information, call them at a known phone number to confirm.
Often small- and medium-sized businesses are the first to be targeted in email scams. Have an effective cybersecurity strategy in place and educate staff regularly on how to prevent, identify and recover from a security breach.

What's a business email compromise scam?

This is when fraudsters send an email appearing to be someone you know and trust — typically a colleague, manager or vendor. Fraudsters use a slight variation of the original email address. The email seems like a legitimate request that tricks you into transferring money to the fraudster or sharing confidential information. Fraudsters rely on impersonation and social engineering tactics to carry out different versions of the scam.

Types of business email compromise scams

Fake invoice scam

The fraudster impersonates a vendor the business regularly deals with and sends an invoice with updated banking information.

Fake boss scam

The fraudster impersonates a manager and asks an employee to purchase multiple gift cards for clients. The fraudster requests the employee to send the gift card serial numbers as soon as possible.

Warning signs of business email compromise scams

Urgent requests that are brief and encourage you to avoid normal procedures
Grammar and spelling errors or design inconsistencies
Language that's unusual for a vendor
Emails from personal accounts, like Gmail or Hotmail, instead of an organization's account
Emails are sent from a high-level executive who asks for information that seems strange

Stay safe with our tips

Always keep personal and business information confidential.
Train employees to identify the signs of a business email compromise scam. Have a cybersecurity policy in place and share the protocols for handling email requests.
Check for any missing emails or issues with your email account. Email forwarding may have been set up without your knowledge, which would redirect emails to a different account.
Change your passwords frequently. Use strong alphanumeric passwords that aren't easy to guess. Also, don't use the same usernames and passwords on multiple accounts.

Don’t click on anything in an unsolicited email that asks for information. Search for the company on your own and ask them if the request is legitimate.
Be diligent about what you download. Don't open an email attachment from an unknown sender and be wary of business emails forwarded to you.
Verify any payment or purchase requests or updates by calling the person on a known number to ensure it's valid.

Notice anything suspicious? Let us know.

Contact us immediately if you received a suspicious email or notice any unauthorized activity on your account.

Call us: 877-448-6500 Opens your phone app.

Explore more about business email compromise fraud

Internet Crime Complaint Center Opens in a new window.

Report fraud when it happens and track the latest data on fraud happening across the country.

American Bankers Association Opens in a new window.

Get connected with the resources banks use to help you identify, prevent and report fraud.

Internal Revenue Service Opens in a new window.

Recognize the different types of scammer tactics and take action against tax scams.

Protect yourself from business email compromise scams

What you need to know

What's a business email compromise scam?

Types of business email compromise scams

Warning signs of business email compromise scams

Stay safe with our tips

Notice anything suspicious? Let us know.

Explore more about business email compromise fraud

Continue to Internet Crime Complaint Center site?

Continue to American Bankers Association site?

Continue to Internal Revenue Service (IRS)?