What is Business Email Compromise?
Business email compromise (BEC) is a sophisticated online scam that involves gaining unauthorized access to email accounts to transfer funds or gain access to sensitive data.
BEC attacks are effective because they exploit human weaknesses, such as trusting authority, acting impulsively, and responding to urgent requests. Scammers may use social engineering or computer intrusion to gain access to accounts. They may then impersonate a legitimate sender, such as a CEO or CFO, to trick employees into taking actions like transferring funds or providing sensitive data.
Here are some tips to protect yourself from BEC:
- Verify the sender's email address, especially when using a mobile device.
- Ensure the URL in emails matches the business or individual it claims to be from.
- Be wary of hyperlinks with misspellings of the domain name.
- Don't provide login credentials or personal information via email.
- Use two-factor authentication or secondary channels to verify requests for account information changes.
If you are a victim of BEC, you should:
- Contact your financial institution immediately.
- File a complaint with the FBI's Internet Crime Complaint Center (IC3) at www.ic3.gov.