Business email compromise (BEC) occurs when a scammer impersonates a company employee or a trusted business, such as a vendor, business partner, financial institution, or utility company, to gain trust and steal money or information.

The fraudulent request may arrive by email, phone call, text message, social media, or a messaging platform. Scammers mimic official seals, fonts, logos, and other details to look legitimate, and often already know the business's internal procedures, such as who approves payments or which vendors are due for an invoice. These crimes can have legal, reputational, and financial consequences.

If money was transferred or paid within the last two days, contact your bank or credit card company immediately. The sooner a fraudulent wire is reported, the better the chance it can be recalled before the funds are withdrawn.

  1. Immediately contact your financial institution and request a stop payment or recall on any checks or wire transfers associated with the incident.
  2. Notify the employees involved in the incident and reset their account passwords.
    • Begin with email passwords, but reset or disable every account associated with the user, since the attacker may have reused the stolen credentials elsewhere.
    • Revoke active sessions and authentication tokens for all accounts involved; a password reset alone does not end sessions the attacker already holds.
  3. Check the “sent” and “deleted” folders of the affected email accounts for suspicious messages or unauthorized contacts.
  4. Review the forwarding settings and inbox rules on the affected accounts to ensure no messages are being copied to the scammer or hidden from the user.
  5. Perform an antimalware scan to remove anything the scammer may have installed.
  6. Isolate any systems or devices that have been impacted. If possible, do not power them off, so that evidence held in memory is preserved for forensic analysis.
  7. Report the incident to IC3.gov. If possible, file a report with your local police and keep a copy; it may be useful during the investigation and for any insurance claim.
  8. If the scam has tax implications, complete and submit IRS Form 14039-B.

  9. Track and document everything that happened.
  10. If another organization or business was identified during the investigation, notify them of the situation.
    • Consult your legal counsel to decide the best way to do this.
  11. Retain copies of malicious emails and malware.
    • Save any log files, backups, malware samples, memory images, and similar evidence that has been identified.
  12. Continue to monitor for further malicious activity related to this incident. Set up alerts to detect unusual activity (such as logins from unknown locations or newly created mail-forwarding rules).
  13. Check with your cybersecurity insurance carrier in the event of a financial loss.
  14. Discuss with legal counsel whether to add a warning to your website or email.
  15. Conduct training and testing with employees to help them recognize signs of phishing and know how to handle unusual requests for money or information.
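The following script is an added example, not part of the original checklist, showing how steps 3 and 4 (finding rules that forward or hide mail) and the monitoring step (alerting on logins from unknown locations) can be run over exported logs rather than by clicking through each mailbox. The record shapes, field names (Operation, Parameters, UserId, Country, and so on) and all sample data are constructed assumptions loosely modelled on cloud-mail audit and sign-in exports; map them to whatever your provider actually produces.

```python
"""Added BEC triage helper: flags mailbox rules/settings that forward mail
outside the organisation or hide it from the user (checklist steps 3-4),
and successful sign-ins from a country the user had never used before the
incident window (the "logins from unknown locations" alert).  Record
shapes, field names and sample data are constructed for this example;
map them to the fields your mail provider actually exports."""
from datetime import datetime

FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress")      # sends a copy elsewhere
HIDE_PARAMS = ("DeleteMessage", "MoveToFolder")  # keeps the victim from seeing it
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}

def _is_set(value):
    """Exports often carry booleans as strings; treat 'False' and '' as unset."""
    return value not in (None, "", False, "False", "false")

def _domain_of(address):
    """Lower-cased domain of 'smtp:bob@Example.com' or 'bob@Example.com'."""
    return address.split(":")[-1].rsplit("@", 1)[-1].lower()

def rule_findings(records, internal_domains):
    """Severity 'high' = mail leaves the organisation; 'review' = mail is
    deleted or moved, which legitimate rules also do, so an analyst must
    check the folder, the rule name and who created it from which IP."""
    findings = []
    for rec in records:
        if rec.get("Operation") not in RULE_OPERATIONS:
            continue
        params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
        reasons, severity = [], None
        for name in FORWARD_PARAMS:
            target = params.get(name)
            if _is_set(target) and _domain_of(target) not in internal_domains:
                reasons.append(f"{name} sends mail to external {target}")
                severity = "high"
        if any(_is_set(params.get(name)) for name in HIDE_PARAMS):
            reasons.append("rule deletes or moves incoming mail")
            severity = severity or "review"
        if reasons:
            findings.append({"user": rec.get("UserId"), "operation": rec["Operation"],
                             "client_ip": rec.get("ClientIP"), "time": rec.get("CreationTime"),
                             "severity": severity, "reasons": reasons})
    return findings

def unknown_location_logins(signins, incident_start):
    """Successful sign-ins at/after incident_start from a country the same
    user had no successful sign-in from before it.  Failed attempts are
    skipped; they belong in a password-spray view, not here."""
    baseline = {}
    for s in signins:
        if s["Success"] and datetime.fromisoformat(s["Time"]) < incident_start:
            baseline.setdefault(s["UserId"], set()).add(s["Country"])
    return [s for s in signins
            if s["Success"] and datetime.fromisoformat(s["Time"]) >= incident_start
            and s["Country"] not in baseline.get(s["UserId"], set())]

def triage(records, signins, internal_domains, incident_start):
    return {"rules": rule_findings(records, internal_domains),
            "logins": unknown_location_logins(signins, incident_start)}

def _params(**kw):  # audit exports nest parameters as a list of Name/Value pairs
    return [{"Name": k, "Value": v} for k, v in kw.items()]

# Constructed sample data; addresses use reserved example/documentation ranges.
SAMPLE_RULES = [
    {"Operation": "New-InboxRule", "UserId": "alice@example.com", "ClientIP": "203.0.113.7",
     "CreationTime": "2024-05-06T02:20:00+00:00",
     "Parameters": _params(ForwardTo="pay@billing-portal.example", DeleteMessage="True")},
    {"Operation": "Set-InboxRule", "UserId": "bob@example.com", "ClientIP": "198.51.100.4",
     "CreationTime": "2024-05-06T10:00:00+00:00",
     "Parameters": _params(ForwardTo="bob.backup@example.com")},  # internal: fine
    {"Operation": "Set-Mailbox", "UserId": "alice@example.com", "ClientIP": "203.0.113.7",
     "CreationTime": "2024-05-06T02:25:00+00:00",
     "Parameters": _params(ForwardingSmtpAddress="smtp:a.pay@outlook-mail.example")},
    {"Operation": "New-InboxRule", "UserId": "carol@example.com", "ClientIP": "198.51.100.9",
     "CreationTime": "2024-05-07T08:00:00+00:00",
     "Parameters": _params(MoveToFolder="Newsletters")},  # hides mail: needs review
]
SAMPLE_SIGNINS = [
    {"UserId": "alice@example.com", "Country": "US", "IP": "198.51.100.20",
     "Time": "2024-05-01T13:00:00+00:00", "Success": True},   # baseline
    {"UserId": "alice@example.com", "Country": "NG", "IP": "203.0.113.7",
     "Time": "2024-05-06T02:15:00+00:00", "Success": True},   # flagged
    {"UserId": "alice@example.com", "Country": "RU", "IP": "192.0.2.55",
     "Time": "2024-05-06T03:00:00+00:00", "Success": False},  # failed: ignored
    {"UserId": "alice@example.com", "Country": "US", "IP": "198.51.100.20",
     "Time": "2024-05-06T09:00:00+00:00", "Success": True},   # known country
]
INCIDENT_START = datetime.fromisoformat("2024-05-06T00:00:00+00:00")

if __name__ == "__main__":
    result = triage(SAMPLE_RULES, SAMPLE_SIGNINS, {"example.com"}, INCIDENT_START)
    for f in result["rules"]:
        print(f["severity"], f["user"], f["operation"], "; ".join(f["reasons"]))
    for s in result["logins"]:
        print("unknown location:", s["UserId"], s["Country"], s["IP"], s["Time"])
```

Two design points worth noting. Forwarding to an address inside your own domains is deliberately not flagged, because employees legitimately forward to colleagues; the set of internal domains is therefore an input, not a constant. Rules that only move or delete mail get a lower "review" severity rather than being ignored, because hiding the thread is how a scammer keeps the victim from noticing replies from the bank or vendor, but ordinary newsletter rules look the same, so the analyst must look at the folder name, the rule's creation IP and whether it was created from the same address as a flagged login.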