How to Protect Your Company from Business Email Compromise

someone working on their computer

Business Email Compromise (BEC) is a type of cybercrime that is growing more common.

The scammer uses email to impersonate a trusted figure in hopes of eventually tricking someone into sending money or divulging confidential information.

While it can be tricky to spot BEC, especially with scammers continually upgrading their methods, there are red flags you should learn to recognize.

BEC Red Flags

  • Use of free, web-based email addresses (yahoo, Gmail, proton, etc.)
    • These are available for anyone to use, so they are a favorite tool for scammers.
  • Spelling and grammatical errors
    • The rise in use of Artificial Intelligence (AI) tools has improved the writing used in scam emails.
  • The email closely resembles a known client/vendor email address; however, it is slightly different. Here is an example:
    • If your contact’s verified email address is john-doe@abc.com, scammers may try to impersonate it by using a variation with characters altered.
      • John_doe@abc.com, john-doe@bcd.com, john-d0e@abc.com.
  • Email includes language that suggests the transaction request is “urgent,” “secret” or “confidential.”
    • They are attempting to convince the recipient to act without due diligence or sharing the request with others.
  • They are unreachable or refuse to speak via telephone.
    • They use email to conceal their real identity. If they were to answer the phone, you may recognize their voice does not match who they are impersonating.
  • When it comes to payment related BEC schemes, look out for these red flags specifically:
    • They request funds be sent to a new account or entity that has not been used previously.
    • The amount requested is unusual or inconsistent with previous transactions.
    • The email contains different payment instructions than previous requests.
    • Normal verification procedures are not followed.
    • They request additional payments immediately following a successful payment to a new account.

Creating Best Practices for Verification

At Bank of Colorado, we recommend adopting and strictly enforcing best practices regarding payment verification when clients/vendors request to change their payment method or instructions.

  • Always call to confirm with your client/vendor over the phone at a known number (not a number in the email/text/fax) to verify if they indeed sent the request.
  • Adopt dual control for sending large payments. A second set of eyes may help spot potential pitfalls.
  • Properly vet new vendors. Scammers may pose as legitimate companies.
  • Watch for changes in invoice patterns. More frequent or larger invoices could be a red flag of BEC.
  • Closely monitor your accounts to watch for inconsistencies.
  • Always contact vendors on large payments to verify receipt.
  • Install virus protection software for all devices.
  • Always use multi-factor authentication for your accounts.
  • Use caution when downloading files or programs onto your devices.

If you encounter a Business Email Compromise payment scam it is important to act fast.

While there is never a guarantee of recovery, the sooner you contact the bank, the greater chance you will have to recover lost funds.

If you have questions or think you’ve been impacted by BEC, please contact us.

Find your local branch at bankofcolorado.com/locations
     Ask to speak with a banker or your Treasury Manager. 
Business Customer Support: 1-800-789-7156.
Business Premium Customer Support: 1-800-227-7471.