About » Sections » Cyber Investigative Group

Business Email Compromise

Font Size: + -
Share & Bookmark, Press Enter to show all options, press Tab go to next option
Print

Business Email Compromise (BEC) is a sophisticated scam targeting both businesses and individuals performing a transfer of funds. The scam is frequently carried out when a cyber actor compromises legitimate business e-mail accounts through social engineering or computer intrusion techniques resulting in an unauthorized transfer of funds.

How to Report

If you or your company fall victim to a BEC, it's important to act quickly:

  • Contact your financial institution immediately and request that they contact the financial institution where the transfer was sent.
  • File a complaint with the FBI's Internet Crime Complaint Center (IC3).

What We Need From You

  • Timeline of events.
  • List of affected email accounts.
  • Copies of specific malicious emails.
  • Online Storage Table (OST) files and/or Personal Storage Table (PST) files of affected email accounts.
  • Any suspicious internet protocols (IPs) associated with the incident.
  • ISO disc images of affected endpoints (if available).
  • Access to incident response company firm's analysis (if applicable).

Best Practices

Be careful with what information you share online or on social media. By openly sharing things like pet names, links to family members, or your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.

Scrutinize the email address, URLs, and spelling errors used in any correspondence. Do not open an email attachment from someone you don't know, and be cautious of email attachments forwarded to you.

Do not click on anything in an unsolicited email or text message asking you to update or verify account information. Look up a company's phone number on your own, not using what the scammer provided, and call the company to ask if the request is legitimate.

Enable two-factor or multi-factor authentication (MFA) on accounts.

Verify payment requests by calling the person to make sure it is legitimate. You should verify any change in account number or payment procedures with the person making the request. Be especially cautious if the requestor is pressing you to act quickly.