Email Schemes

Main

Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. Transfer-of-funds requests can be initiated via Automated Clearing House (ACH) origination or wire transfer services. The scam is frequently carried out when a cyber-criminal compromises a legitimate email account through social engineering or computer intrusion to conduct unauthorized transfers of funds. Typical examples could be change of wire instructions for a real estate transaction or spoofed emails appearing to be from employees requesting a change to their direct deposit account.

Types of attack:

  • Spoofing an email account or website by changing one letter in the company name
  • Sending spear phishing emails to trick employees into providing sensitive information or access to a computer system
  • Using malicious malware to access information about a business' billing and invoice data to gain access to victim's data
  • Impersonating a vendor with slightly altered websites and/or email addresses from the website
  • Sending an email that an account has been compromised and to verify payment information

Suggestions for protection:

  • Always verbally verify wire instructions or direct deposit/ACH account changes or when dealing with a new beneficiary/payee.
  • Ensure the URL in emails is associated with the business it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Keep all software patches up to date on all systems and devices.
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the senders name and/or email address match whom it is coming from.

What to do if you are a victim:

If funds are transferred to a fraudulent account, it is important to act quickly.

  • Contact your financial institution immediately upon discovering the fraudulent transfer.
  • Request that your financial institution contact the corresponding financial institution where the fraudulent transfer was sent.
  • Contact your local Federal Bureau of Investigation (FBI) office if the transfer is recent. The FBI, working with other government agencies may be able to help return or freeze the funds.
  • File a complaint, regardless of dollar loss, with the Internet Crime Complaint Center (IC3) at ic3.gov or, for Business Email Compromise/Email Account Compromise victims visit bec.ic3.gov.
Protecting Your Information

Your privacy always comes first. Understand how we use your information and the options for limiting the sharing of your information.

Learn More  

Email Schemes

Email scams are frequently carried out when a cyber-criminal compromises a legitimate email account through social engineering or computer intrusion to conduct unauthorized transfers of funds.

Learn More

Fraud and ID Theft

Identity thieves acquire your personal data and may use this information to drain your bank account, run up charges on your credit cards, open new utility accounts, or get medical treatment on your health insurance.

Learn More

Online Banking

Online Banking fraudsters frequently use nefarious means to acquire the private details you use to login to your online accounts. With this information they proceed to steal funds, often before you realize it.

Learn More