Business Email Compromise/ Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. Transfer-of-funds requests can be initiated via Automated Clearing House (ACH) origination or wire transfer services. The scam is frequently carried out when a cyber-criminal compromises a legitimate email account through social engineering or computer intrusion to conduct unauthorized transfers of funds. Typical examples could be change of wire instructions for a real estate transaction or spoofed emails appearing to be from employees requesting a change to their direct deposit account.
Suggestions for protection:
- Always verbally verify wire instructions or direct deposit/ACH account changes or when dealing with a new beneficiary/payee
- Ensure the URL in emails is associated with the business it claims to be from
- Be alert to hyperlinks that may contain misspellings of the actual domain name
- Keep all software patches up to date on all systems and devices
- Verify the email address used to send emails, especially when using a mobile or handheld device by ensuring the senders name and/or email address match whom it is coming from.
What to do if you are a victim:
If funds are transferred to a fraudulent account, it is important to act quickly:
- Contact your financial institution immediately upon discovering the fraudulent transfer.
- Request that your financial institution contact the corresponding financial institution where the fraudulent transfer was sent.
- Contact your local Federal Bureau of Investigation (FBI) office if the transfer is recent. The FBI, working with other government agencies may be able to help return or freeze the funds.
- File a complaint, regardless of dollar loss, with the Internet Crime Complaint Center (IC3) at ic3.gov or, for Business Email Compromise/ Email Account Compromise victims visit bec.ic3.gov.