
Business Fraud - Email Account Compromise

Email account compromise (EAC) is a form of fraud perpetrated on consumers and businesses in an attempt to get them to send fund transfers, ACH transfers and/or check payments. Email account compromise perpetrated on business customers is known as Business Email Compromise, or BEC.

The fraudsters find their targets primarily through social media, publicly available company email accounts, or social engineering. After the email addresses are harvested, a series of phishing or malware attacks is sent in the hope that a recipient will click on a hyperlink or open an infected attachment, which gives the criminals control of the email account.

If successful, the criminals will divert email conversations so that they are in total control without the victim knowing. They gain access to past email history and to the victim’s contacts and customers. For BEC schemes, they will target higher-level employees within an organization who have funds transfer authority. They will send instructions from the compromised email address to send fund transfers, change payroll account numbers, create new ACH and Bill Pay recipients, or request cashier's checks.

How can I protect myself?

  • Use caution when opening emails and clicking on (or even hovering over) any links that come from unknown sources.
  • Use strong passwords and change them often.
  • Do not click on “Remember Me” or save your passwords on websites.
  • Utilize multifactor authentication.
  • Visit websites that you know and trust.
  • Use caution on public Wi-Fi.

Stay up-to-date on current email compromise fraud trends at https://www.fbi.gov/BEC.
