The Rise of Business Email Compromise Scams

Business Email Compromise – or BEC – is an increasingly common scam targeting U.S. and European companies that is often carried out by criminal organizations. In most cases, attackers from these organizations target employees who have access to company finances or W-2 information with the intention of tricking them into transferring money or sending data records. The deceptive techniques used to target and exploit victims vary from spear phishing and social engineering to email spoofing and computer intrusion techniques (malware).


The FBI 2017 Internet Crime report highlights growing trends in cybercrime that were seen last year. BEC – or “CEO Fraud” – led the pack in 2018, topping $676 million in victim losses. Since 2015, there’s been a staggering 1,300% growth in losses as a result of the spike in these frauds, now totaling over $3.0 billion in the past three years alone. BEC is a serious threat on a global scale that’s expected to continue to rise with the increased reliance on business email.

Anatomy of the Scam

A BEC scam can take on various forms. One common scheme, called CEO impersonation, attempts to persuade a target into wiring money for apparent business purposes. This scheme usually begins with the attacker compromising the email account of the target company’s CEO through a phishing or malware attack. After spending some time monitoring email communications to carefully understand the company’s vendor relationships as well as the CEO’s interests, email communication style and travel plans, the attacker chooses a target.

Employees from Finance or Accounts Payable – or even the Controller – are often primary scam targets. At the appropriate time, the attacker sends a phony email to the selected target from either the CEO’s inbox or a lookalike domain name (which is usually one or two letters off from the company’s true domain name). The email typically requests an immediate wire transfer to the attacker’s account, whose account number has been modified and disguised as that of a trusted vendor. Unless the scheme is detected in a timely manner, any transferred money is often difficult to recover.

Don’t Fall Victim

Schneider Downs recommends any number of the following procedures to help your organization develop its own effective defensive strategy against BEC and other email cyberattacks:

  • Establish and enforce proper procedures and policies.
  • Trust but verify.
    • Scrutinize emails containing requests for wire transfers and W-2 information. 
  • Create email rules to flag emails where "reply" and "from" email addresses do not match.
  • Promote user awareness regularly beginning at employee onboarding. 
  • Incorporate checks and balances as compensating controls.
    • Call previously known phone numbers to confirm transfer requests. 
  • Be a change agent (see something, say something!).
  • Conduct simulated email cyberattacks among company employees. 
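
The rule above that flags mismatched "reply" and "from" addresses can be paired with a check for lookalike domains that are one or two letters off. The Python sketch below is an added example, not Schneider Downs' code; `example.com` stands in for the company's real domain, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.com"  # assumption: placeholder for the company's real domain

def edit_distance(a, b):
    """Levenshtein distance, used to spot domains one or two letters off."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def address_of(header_value):
    """Return the bare, lower-cased address from a From/Reply-To header."""
    return parseaddr(header_value or "")[1].lower()

def bec_flags(raw_message, trusted=TRUSTED_DOMAIN):
    """Return the list of BEC warning flags raised by one raw message."""
    msg = message_from_string(raw_message)
    sender = address_of(msg["From"])
    reply = address_of(msg["Reply-To"])
    flags = []
    # Flag 1: replies would go to a different mailbox than the visible sender.
    if reply and reply != sender:
        flags.append("reply-to-mismatch")
    # Flag 2: a domain that is close to, but not exactly, the trusted one.
    domains = {a.rpartition("@")[2] for a in (sender, reply) if a}
    if any(0 < edit_distance(d, trusted) <= 2 for d in sorted(domains)):
        flags.append("lookalike-domain")
    return flags

# Constructed sample messages (not real mail).
SPOOFED = ('From: "Jane CEO" <jane@example.com>\nReply-To: jane@examp1e.com\n'
           "Subject: Urgent wire transfer\n\nPlease wire today.")
LOOKALIKE = "From: jane@exarnple.com\nSubject: Invoice\n\nNew account details."
CLEAN = "From: jane@example.com\nReply-To: jane@example.com\nSubject: Hi\n\nHello."

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("clean", CLEAN)):
        print(name, bec_flags(raw))
```

A flag here is a reason to scrutinize the request and confirm it by phone, not proof of fraud: legitimate mailing tools also set a different reply address.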


© 2022 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
