Skip to Content
BEC phishing emails
© Andrey Popov |
Security & privacy

This tricky email scam can fool just about anyone

Business email compromise (BEC) is one of the leading causes of company fraud, and the threat is growing. These are phishing emails where scammers pretend to be someone who works in your company to steal vital information or rip you off financially.

Read on to discover why BEC scams are rising and get a few suggestions to avoid falling victim.

BEC phishing emails on the rise

Phishing emails are usually designed to trick the receiver into clicking a malicious link, downloading malware or supplying sensitive information. In a twist on these old scams, criminals are now targeting employees with BEC phishing emails.

Thieves spend some time getting to know the ins and outs of a company before targeting employees. Then they send emails pretending to be coworkers or even your boss in hopes of catching you off guard.

BEC emails can contain PDF or Word documents that claim to be payment confirmations, purchase orders or delivery receipts. But once you click the link, it infects your device with malware. Some schemes skip malware altogether and request payment from company funds.

According to cybersecurity company Abnormal Security, impersonating a company executive through phishing emails is on the rise. What makes it even scarier is that many of these emails are convincing, and almost anyone could fall for them.

“The median open rate for text-based business email compromise attacks involving the impersonation of internal executives and external third parties was nearly 28%, with an overall average read rate of 20%,” it explains in a blog post.

By impersonating an executive, scammers send emails to suppliers, finance departments or customers, asking about an outstanding payment and informing them about the company’s new banking details. 

And that’s how the latest scams work. No malicious links, attachments, or malware are needed. If the recipient doesn’t follow simple security measures, they could hand over company details or even finances without suspicion.

Another issue Abnormal Security warned about is the lack of reporting by employees. Employees report only 2.1% of BEC attacks to their company. That’s terrible!

If you think you’ve received a BEC scam email, report it to IT ASAP. That way, IT can let other employees know what to watch for to protect the company. Even if it turns out not to be a BEC scam, it’s good to let your company know. It’s always better to be safe than sorry.

How to avoid falling victim to BEC scams

BEC scams are sophisticated versions of phishing attacks. Fortunately, there are several things you can do to protect yourself from them. Here are a few suggestions:

  • Check incoming email addresses carefully, especially when they demand financial transactions. Even a single missing character could be the difference between a real email and a fake one.
  • Look for recurring subject lines like “Request,” “Follow-up,” “Urgent/Important,” “Are you available?/Are you at your desk?” and others.
  • Verify messages from your boss requesting money transfers, gift card purchases and any request involving sensitive company information. See them in person, or give them a call.
  • Don’t click on web links or attachments in any suspicious emails. They could redirect you to a malicious site or install malware onto your computer.

If you think you are the victim of fraud, immediately contact your financial institution to request a recall of funds. Regardless of the amount lost, file a complaint with or, for BEC/EAC victims, as soon as possible.

Keep reading

Can you spot the giveaway in this scam email?

Why you should use Google to search for your email address right now

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook