Independent consumer protection publication Educational guidance — not legal or financial advice


Business Email Compromise (BEC): Red Flags and Prevention Guide

What Is Business Email Compromise?

Business email compromise (BEC) is a targeted fraud scheme where criminals impersonate executives, vendors, or colleagues to trick employees into wiring money, changing payment details, or sharing sensitive data. Unlike mass phishing, BEC is highly personalized and often uses compromised or spoofed email accounts.

Warning Signs

  • Urgent wire-transfer requests from a CEO, CFO, or attorney
  • Last-minute changes to vendor bank account details
  • Slightly altered email domains (e.g., company-inc.com vs company.com)
  • Secrecy pressure — “do not discuss with finance” or “confidential acquisition”
  • Requests outside normal approval workflows
  • Invoice duplicates with new payment instructions

Common BEC Schemes

  • CEO fraud — fake executive emails demanding immediate transfers
  • Invoice redirection — hacked vendor accounts sending fake invoices
  • Vendor impersonation — attackers pose as suppliers updating wire details
  • Payroll diversion — HR receives fake requests to change direct deposit

What to Do

  1. Verify out-of-band — call a known number; never use contact details in the suspicious email
  2. Enforce dual approval for all wire transfers and vendor changes
  3. Enable DMARC, DKIM, and SPF on your domain
  4. Train staff on BEC red flags quarterly
  5. Report incidents via our report form and to the FBI IC3
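
The altered-domain red flag above (company-inc.com vs company.com) and the out-of-band verification step can be backed by an automated check on inbound payment requests. The following Python is an added example, not code from this guide; it flags sender domains that are hyphenated or suffixed variants, alternate-TLD copies, or close typos of a constructed trusted-domain list (the domains and addresses are made up), so it covers the general lookalike pattern rather than only the one example in the list.

```python
"""Flag inbound sender domains that look like, but are not, a trusted domain.

Added illustration for this guide: TRUSTED_DOMAINS and the sample addresses
are constructed, not real organisations."""
from difflib import SequenceMatcher
from typing import Optional, Tuple

# Assumption: finance/IT maintains this allowlist of domains that may
# legitimately send invoices or payment-change requests.
TRUSTED_DOMAINS = {"company.com", "acme-supplies.com"}

# Similarity at or above this ratio is treated as a probable typosquat
# (cornpany.com vs company.com scores exactly 0.8).
TYPO_THRESHOLD = 0.8


def core_name(domain: str) -> Optional[Tuple[str, str]]:
    """Return (second-level label with -/_ removed, TLD), or None if malformed.

    Naive split on the last two labels; enough for .com-style domains."""
    labels = domain.lower().strip(".").split(".")
    if len(labels) < 2 or not all(labels):
        return None
    return labels[-2].replace("-", "").replace("_", ""), labels[-1]


def classify_sender(address: str) -> str:
    """Classify an email address as 'trusted', 'lookalike' or 'unknown'."""
    domain = address.rsplit("@", 1)[-1].lower()
    for trusted in TRUSTED_DOMAINS:
        # Exact match or a genuine subdomain (mail.company.com) is trusted.
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"
    parts = core_name(domain)
    if parts is None:
        return "unknown"
    name, tld = parts
    for trusted in TRUSTED_DOMAINS:
        t_parts = core_name(trusted)
        if t_parts is None:
            continue
        t_name, t_tld = t_parts
        # Token insertion: company-inc.com, company-invoices.com, secure-company.com
        if name != t_name and (name.startswith(t_name) or name.endswith(t_name)):
            return "lookalike"
        # Same name under a different TLD: company.co, company.net
        if name == t_name and tld != t_tld:
            return "lookalike"
        # Character-level typosquats: cornpany.com, compnay.com
        if SequenceMatcher(None, name, t_name).ratio() >= TYPO_THRESHOLD:
            return "lookalike"
    return "unknown"
```

A "lookalike" result should route the message to manual out-of-band verification rather than block it outright, since the threshold will also catch some legitimately similar names.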

Frequently Asked Questions

How is BEC different from phishing?

Phishing casts a wide net with generic lures. BEC targets specific employees with believable, context-rich messages that mimic real business processes.

Can small businesses be targeted?

Yes. Small and mid-size businesses are frequent targets because they often lack formal payment verification procedures.

What is the fastest way to verify a wire request?

Call the requester using a phone number from your internal directory — not the number or link in the email.

What should we do if we already sent money?

Contact your bank immediately to attempt a recall, file an IC3 report, and see our recovery resources.