Is an e mail from a source other than the source it appears to be from that requests data from you?

Business Email Compromise 

Business email compromise (BEC)—also known as email account compromise (EAC)—is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business—both personal and professional.

In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request, like in these examples:

• A vendor your company regularly deals with sends an invoice with an updated mailing address.
• A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.
• A homebuyer receives a message from his title company with instructions on how to wire his down payment.

Versions of these scenarios happened to real victims. All the messages were fake. And in each case, thousands—or even hundreds of thousands—of dollars were sent to criminals instead.

How Criminals Carry Out BEC Scams 

A scammer might:

• Spoof an email account or website. Slight variations on legitimate addresses ( vs. ) fool victims into thinking fake accounts are authentic.
• Send spearphishing emails. These messages look like they’re from a trusted sender to trick victims into revealing confidential information. That information lets criminals access company accounts, calendars, and data that gives them the details they need to carry out the BEC schemes.
• Use malware. Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. That information is used to time requests or send messages so accountants or financial officers don’t question payment requests. Malware also lets criminals gain undetected access to a victim’s data, including passwords and financial account information.

How to Report 

If you or your company fall victim to a BEC scam, it’s important to act quickly:

• Contact your financial institution immediately and request that they contact the financial institution where the transfer was sent.
• Next, contact your local FBI field office to report the crime.
• Also file a complaint with the FBI’s Internet Crime Complaint Center (IC3).

How to Protect Yourself 

• Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, links to family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
• Don’t click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
• Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
• Be careful what you download. Never open an email attachment from someone you don't know, and be wary of email attachments forwarded to you.
• Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
• Verify payment and purchase requests in person if possible or by calling the person to make sure it is legitimate. You should verify any change in account number or payment procedures with the person making the request.
• Be especially wary if the requestor is pressing you to act quickly.

Resources 

Related FBI News and Multimedia

• 10.03.2022

  Georgia Man Who Laundered Millions from Romance Scams, Business Email Compromises, and Other Online Fraud Receives 25-Year Sentence

  Elvis Eghosa Ogiekpolor of Georgia has been sentenced to 25 years in prison for money laundering and conspiracy to commit money laundering.

• 09.28.2022

  Extradited UK Citizen Pleads Guilty to Defrauding Virginia Commonwealth University in Business Email Compromise Scheme

  A United Kingdom citizen pleaded guilty to conspiracy to commit wire fraud, after being extradited from the United Kingdom at the request of the United States.

• 09.21.2022

  Florida Man Convicted in Business Email Compromise and Money Laundering Scheme Targeting Hedge Fund

  Mustapha Raji was found guilty for his participation in a $1.7 million business email compromise and money-laundering scheme that targeted a hedge fund.

• 08.10.2022

  Three Nigerian Nationals Extradited to the United States from the United Kingdom for Participating in Business Email Compromise Fraud Schemes

  Three Nigerian citizens were extradited from the UK to the U.S. in relation to their alleged participation in multi-million-dollar cyber BEC fraud schemes.

• 07.27.2022

  Lake Placid, Florida Man Charged for Participating in Business Email Compromise Scheme Spanning Four States

  Timothy Scott Marable of Florida has been arrested for his role in a business email compromise scheme that impacted at least four businesses in four different states.

• 05.20.2022

  Nigerian Man Extradited from United Kingdom for Participating in Business Email Compromise Scams

  Chibundu Joseph Anuebunwa of Nigeria was charged with conspiracy to commit wire fraud and wire fraud in a multi-million-dollar business email compromise campaign.

• 05.19.2022

  BEC Scams Reported Number One Scam in Arizona Breaking Down the IC3 Annual Report

  The FBI Phoenix Field Office is warning the public about an increase in business email compromise (BEC)—also known as email account compromise (EAC) fraud.

• 05.19.2022

  Florida Man is Found Guilty in Connection with a Business Email Compromise Scheme

  Pierre Yvelt Almonor of Miami Gardens has been convicted for his role in a conspiracy to launder illegal proceeds from a business email compromise scheme.

• 04.15.2022

  FBI Las Vegas Federal Fact Friday: Business Email Compromise (BEC)

  The FBI Las Vegas Field Office is providing information on Business Email Compromise (BEC), a cyber scam targeting businesses that regularly conduct wire transfers.

• 03.30.2022

  Coordinated Global Operation Disrupted BEC Schemes

  Operation Eagle Sweep targeted BEC scammers believed to be responsible for victimizing at least 500 people in the United States.

What technology is being used when you are sent an email?

Is an organization wide network that is closed to public access and uses internet type technology?

Is a private network that creates secure connections over regular internet lines?

Is a combination of technologies that add intelligence and change how people interact with the Web?