What is Business E-mail Compromise (BEC)?

BEC fraud is a scheme in which cyber criminals gain access to an employee’s legitimate business email through social engineering or computer intrusion, impersonate that employee (often a senior executive or someone who can authorize payments), and instruct others to transfer funds on their behalf.

BEC schemes target financial institutions’ commercial customer executives or employees to:

How is BEC fraud carried out?

The FBI has identified five main scenarios by which BEC fraud is carried out:

Here are some examples:

Scenario 1 – Criminal Impersonates a Financial Institution’s Commercial Customer: A criminal hacks into and uses the email account of a Company A employee to send fraudulent wire transfer instructions to Company A’s financial institution. Based on this request, Company A’s financial institution issues a wire transfer and sends funds to an account the criminal controls. In this scenario, the criminal impersonating the financial institution’s customer prompted the financial institution to execute an unauthorized wire transfer.

Scenario 2 – Criminal Impersonates an Executive: A criminal hacks into and uses the email account of a Company B executive to send wire transfer instructions to a Company B employee who is responsible for processing and issuing payments. The employee, believing the executive’s emailed instructions are legitimate, orders Company B’s financial institution to execute the wire transfer. In this scenario, the criminal impersonating a company executive misled a company employee into unintentionally authorizing a fraudulent wire transfer to a criminal-controlled account.

Scenario 3 – Criminal Impersonates a Supplier: A criminal impersonates one of Company C’s suppliers to email and inform Company C that future invoice payments should be sent to a new account number and location. Based on this fraudulent emailed information, Company C updates its supplier’s payment information on record and submits the new wire transfer instructions to its financial institution that direct payments to an account controlled by the criminal. In this scenario, the criminal impersonating a supplier provided fraudulent payment information to mislead a company employee into unintentionally directing wire transfers to a criminal-controlled account.

Source: FinCEN Advisory, FIN-2016-A003

Ways Bristol County Savings Bank protects you

The Bank has a number of safeguards in place designed to protect your business when moving money, including:

What to do if your business has fallen victim

If you fall victim to a business email compromise scam:

Steps you can take to protect your business

Businesses can protect themselves and their employees by using alternative communication channels to verify any large transaction requests and by educating their employees on potential red flags of fraud.

Bristol County Savings Bank recommends the following tips to help you avoid business email compromise:

Additional Resources

The following resources are available to help you learn more about BEC schemes and protect your business:

For additional cyber security and fraud-related information, visit the security awareness section of our website.

FBInsure provides specialty cyber liability insurance. If you are interested in more information, contact Ed McGuire, FBInsure’s Director of Specialty Insurance, at 508-824-8666 or emcguire@fbinsure.com.