The Rise of Business Email Compromise Scams

The Rise of Business Email Compromise Scams

Business Email Compromise – or BEC – is an increasingly common scam targeting U.S. and European companies that is often carried out by criminal organizations. In most cases, attackers from these organizations target employees who have access to company finances or W-2 information with the intention of tricking them into transferring money or sending data records. The deceptive techniques used to target and exploit victims vary from spear phishing and social engineering to email spoofing and computer intrusion techniques (malware).


The FBI 2017 Internet Crime report highlights growing trends in cybercrime that were seen last year. BEC – or “CEO Fraud” – led the pack in 2018, topping $676 million in victim losses. Since 2015, there’s been a staggering 1,300% growth in losses as a result in the spike in these frauds, now totaling over $3.0 billion in the past three years alone. BEC is a serious threat on a global scale that’s expected to continue to rise with the increased reliance on business email.

Anatomy of the Scam

A BEC scam can take on various forms. One common scheme, called CEO impersonation, attempts to persuade a target into wiring money for apparent business purposes. This scheme usually begins with the attacker compromising the CEO of the target company’s email account through a phishing or malware attack. After spending some time monitoring email communications to carefully understand the company’s vendor relationships as well as the CEO’s interests, email communication style and travel plans, the target is then chosen.

Employees from Finance or Accounts Payable – or even the Controller – are often primary scam targets. At the appropriate time, the attacker sends a phony email to the selected target from either the CEO’s inbox or a lookalike domain name (which is usually one or two letters off from the company’s true domain name). The email typically requests an immediate wire transfer to the attacker’s account, whose account number has been modified and disguised as that of a trusted vendor. Unless the scheme is detected in a timely manner, any transferred money is often difficult to recover.

Don’t Fall Victim

Schneider Downs recommends any number of the following procedures to help your organization develop its own effective defensive strategy against BEC and other email cyberattacks:

  • Establish and enforce proper procedures and policies.
  • Trust But Verify
    • Scrutinize emails containing requests for wire transfers and W-2 information. 
  • Create email rules to flag emails where "reply" and "from" email addresses do not match.
  • Promote user awareness regularly beginning at employee onboarding. 
  • Incorporate checks and balances as compensating controls
    • Call previously known phone numbers to confirm transfer requests. 
  • Be a change agent (see something, say something!).
  • Conduct simulated email cyberattacks among company employees. 

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2020 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on

Ransomware Victims May Now Face Federal Fines
The Hardware Failure That Took Down The Tokyo Stock Exchange
Schneider Downs Shortlisted for PTC Tech 50 Cybersecurity Award
The FFIEC’s Take on Addressing Pandemic Planning within Business Continuity Processes
Cybersecurity Tips from Home Video Series
National Cybersecurity Awareness Month 2020

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office

One PPG Place, Suite 1700
Pittsburgh, PA 15222
p:412.261.3644     f:412.261.4876

Map of Columbus Office

65 East State Street, Suite 2000
Columbus, OH 43215
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102