Business Email Compromise Defensive Strategies

Business Email Compromise

At the heart of what the FBI has named a "$26 billion scam" is something you casually navigate every day: your email. In the last few years, Business Email Compromise (BEC) has ballooned into the most costly type of cybercrime, targeting business and personal accounts alike.


We are constantly studying the threat of BEC attacks and want to arm you with proven defensive strategies in this Vantage Bank Public Service Announcement.

Business Email Compromise is a cyber attack in which a cybercriminal breaches a company’s email system to commit fraudulent activities.

The attacker gains access to the system by sending an email that appears legitimate,
but actually contains a malicious link or attachment.

Doing this simple check can protect you from being a victim.

One. Look for red flags, like an odd sender’s address or urgent requests.

Two. Verify the request with information you have on file.

Three. When in doubt, show the email in-person to someone you trust.

Visit Vantage dot bank to learn more about protecting yourself from Business Email Compromise.

BEC may involve a sophisticated back-end operation, but how it works is simple. A scammer spoofs or hacks the email of a colleague, vendor or authority figure to trick the receiver into sending them funds or sensitive information. By manipulating a victim through fear and urgency, scammers bypass standard cybersecurity defenses.


Prevention of BEC comes down to awareness. Learn how to identify a malicious email by doing this BEC Check every time you open an email:

  1. Look for red flags.
    Does the sender's address look off? Are there typos or odd phrases? Are they urgently requesting a funds transfer, account change, or sensitive information?
  2. Verify with information on file.
    If you see red flags, call your client or vendor using a verified phone number on file – not in the email.
  3. Consider if the sender was hacked.
    A hacked sender’s domain will still look genuine. Don’t trust it, especially if there’s a payment request. Verify before you act.
  4. Show a trusted friend.
    Confirm your suspicions with a second opinion, especially from someone with a cybersecurity background.

Hackers may also try to breach your email account. Incorporate these tips into your online behavior so your identity and data aren’t stolen.

  1. Only submit sensitive information to websites that use encryption. Look for the “Connection is Secure” lock and “https://” in the URL.
  2. Always sign out or log off of password protected websites and your email when finished.
  3. Lock your workstation anytime you step away from your desk.
  4. Create unique and unpredictable passwords with a combination of lowercase letters, capital letters, numbers, and special characters.
  5. Do not share passwords or sensitive information in response to any emails or text messages.
  6. Beware of links in unsolicited emails, social media messages or texts directing you to a website.

If you're a business leader, host regular security awareness training, educate your employees with phishing simulations, and share out quick-read articles like this one.


Given the spike we've seen in BEC attacks, it's not a matter of if, but when you or your business will be targeted. Your best defense is raising awareness of threats and proactive security measures, starting with putting these tips into practice.


DISCLAIMER: This material is for informational purposes only. Vantage Bank assumes no liability for any loss or damage resulting from one's reliance on the material provided.