In recent years, business email compromise (BEC) has become a greater threat to companies of all sizes. But for small businesses, in particular, falling victim to BEC can be incredibly damaging. In fact, according to the Internet Crime Complaint Center, companies have lost more than $26 billion to BEC schemes as of July 2019 — and, unfortunately, that number continues to grow.

BEC schemes can be very sophisticated and quite believable, especially compared to more well-known email schemes like IRS imposter and lottery scams. As a business owner, it’s important to understand how BEC scams work and take proactive steps to help protect your company.

How BEC schemes work

As the name implies, business email compromise is conducted almost exclusively via email, although in some instances, scammers may also make contact by phone or mail. When carrying out their scheme, scammers will typically pose as someone familiar to their target — such as a company executive, colleague, well-known vendor, or client. 

While BEC schemes may vary, scammers ultimately all have the same goal: to trick their victims into sending them a large sum of money. In order to do so, they might:

  • Pose as the company’s CEO, ordering an employee to complete a large transaction by ACH transfer.
  • Impersonate a well-known vendor, requesting that a payment be sent to a new address or account.
  • Intercept an active deal by asking your client to wire funds into a different account.

Often, scammers will use lookalike email addresses to carry out their scheme. The differences may be minor — for example, the scammer may use an email address ending in .gmail or .net instead of .com — and may be easily overlooked, particularly if the recipient doesn’t pause to inspect the sender’s email address.
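As an added illustration (not part of the original article), the following Python function flags the kinds of lookalike sender addresses described above: a familiar name with a different ending, a near-miss spelling, or the company name placed inside an address at an unrelated mail provider. The domain list, function names, and sample senders are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the domains your company and its real vendors send mail from.
TRUSTED = {"yourcompany.com", "trustedvendor.com"}

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED):
    """Return (verdict, reason) for the value of a From header."""
    _, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        return "invalid", "no parsable address"
    if domain in trusted:
        return "trusted", domain
    name = domain.rsplit(".", 1)[0]          # domain without its ending
    for good in sorted(trusted):
        good_name = good.rsplit(".", 1)[0]
        if name == good_name:                # yourcompany.net vs yourcompany.com
            return "lookalike", f"same name as {good}, different ending"
        if edit_distance(domain, good) <= 2: # near-miss spelling; noisy for very short domains
            return "lookalike", f"within 2 edits of {good}"
        if good_name in local or good_name in name:
            return "lookalike", f"'{good_name}' embedded in an untrusted address"
    return "unknown", domain

# Constructed sample senders, for illustration only.
SAMPLES = [
    "Jane Doe <jane@yourcompany.com>",
    "CEO <ceo@yourcompany.net>",
    "billing@trustedvendoor.com",
    "yourcompany.ceo@gmail.com",
    "news@example.org",
]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(sender, "->", classify_sender(sender))
```

A "lookalike" verdict is a prompt to pause and verify the request through a known phone number or contact, not proof of fraud.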

In order to make their scheme more believable, scammers often conduct extensive research before making contact, leveraging publicly available information about your company, clients, and employees. In some cases, they might go further, conducting malware attacks or phishing attempts designed to give them access to highly sensitive information or company accounts. 

How to safeguard against BEC

Although BEC schemes may be hard to detect, your company can take steps to help avoid them. With awareness and education, your team can learn how to quickly spot the red flags and stop scammers in their tracks. 

  1. Ensure your employees are fully trained on the most common types of fraud and know how to spot the red flags. Encourage employees to always pause and verify information on any new or revised requests, particularly those pertaining to financial transactions.
  2. Practice good cybersecurity throughout your organization. Be sure that all members of your staff use strong, unique passwords or a passphrase featuring a combination of letters, numbers, and symbols – the longer the password the better. You should also require multi-factor authentication whenever possible.
  3. Make sure all members of your team are assigned a company email address — employeename@yourcompany.com, for example. Ask your team to refrain from using personal email accounts for work-related purposes, as this can make it easier for a scammer to impersonate an employee. 

For more business fraud prevention tips, check out our small business guide to cybersecurity.
