One convincing email. One urgent wire request. One very expensive mistake. Business Email Compromise is one of the most financially damaging scams targeting people and businesses today—and it works because it doesn’t look like a scam at all.

You’re in the middle of a busy week. An email lands in your inbox from what looks like a trusted vendor, your real estate closing agent or even your own boss. The message is professional, the tone is familiar and the request seems routine: updated payment instructions for a pending wire transfer. So you send it.

That’s exactly what scammers are counting on.

What Is Business Email Compromise?

Business Email Compromise (BEC) is a type of fraud where scammers target individuals and businesses that regularly send money. They use deceptive, realistic-looking emails to trick people into making unauthorized wire transfers—often to accounts they control.

What makes BEC different from a typical phishing scam is the level of effort behind it. Fraudsters either gain access to a legitimate email account through social engineering or unauthorized system access, or they create a convincing fake one. Either way, the message you receive looks like it came from someone you trust.

According to the FBI’s 2024 Internet Crime Report, BEC was responsible for nearly $2.8 billion in reported losses last year alone, making it the second most costly cybercrime in the country.

How Does a Business Email Compromise Scam Work?

These scams don’t happen by accident. They’re planned, and the setup can take time. Here’s the typical playbook:

• The fraudster compromises or spoofs a legitimate email account to make messages look authentic.
• They study communication patterns, ongoing transactions and invoices to make their request believable.
• A message is sent requesting a wire transfer, often with a sense of urgency or confidentiality.
• The instructions include new or updated payment details that direct funds to an account the scammer controls.
• Once the transfer goes through, the money is moved quickly, making recovery difficult.

The urgency and familiarity are intentional. Scammers know that people are less likely to pause and verify when a request feels routine or time sensitive.

What Are Common Business Email Compromise Scenarios?

BEC scams show up in a variety of situations. Some of the most common include:

• Vendor or supplier payment updates – You receive an email that appears to be from a regular vendor asking you to update their payment information before the next invoice.
• Real estate wire fraud – A closing agent sends last-minute instructions to wire your down payment or closing funds to a new account.
• Redirected invoice payments – A familiar invoice arrives with slightly different payment details, rerouting funds to a fraudulent account.

These aren’t random targets. Scammers look for situations where wire transfers are expected, making the request easy to overlook.

How Can You Protect Yourself From Business Email Compromise?

A few simple habits can go a long way in stopping these scams before they cause damage.

• Verify requests through a separate channel. If you receive an email asking you to wire money or update payment details, confirm it by calling the sender directly using a phone number you already have on file—not one provided in the email.
• Review the sender’s full email address. On mobile devices especially, display names can mask fraudulent addresses. Look at the actual address and watch for subtle misspellings or variations of real domain names.
• Be skeptical of urgency or confidentiality. Scammers use pressure to get you to act before you think. A legitimate request can almost always wait for a quick verification call.
• Strengthen your passwords. Use unique passwords or passphrases for each account and update them periodically. This limits the damage if one account is ever compromised.
• Check links before clicking. Hover over or press and hold any link to preview the URL before opening it. Fraudulent links often include slight misspellings of real domain names.
• Protect your personal and login information. Don’t share credentials or sensitive details over email, even if a message appears legitimate.
• Monitor your account regularly. Keep a close eye on your checking and business accounts for any unusual transactions. The sooner you spot something, the better your chance of stopping it.

What Should You Do If You Think You’re a Victim?

Speed matters. If you’ve sent a wire transfer and suspect it was fraudulent, contact Consumers Credit Union right away at 800.991.2221. The faster you report it, the better the chance of recovering funds before they’re moved further.

You can also report the incident to the Internet Crime Complaint Center at ic3.gov, the FBI’s hub for tracking cybercrime. Your report helps investigators identify patterns and potentially stop the same scammers from targeting others.

 

Federally insured by NCUA