Subscribe

Fraud | September 2024 How to detect and defend against business email compromise

How to detect and defend against business email compromise

Trust is the foundation of business interactions. Online scammers understand and rely on this when they use social engineering tactics to compromise your company. One of their main methods is business email compromise (BEC). This type of fraud is responsible for $8 million in losses around the world every day.Disclosure 1

Key concepts

In this article, you’ll learn how to:

  • Identify business email compromise attacks.
  • Learn what makes BEC a unique type of social engineering fraud.
  • Reduce your risk—and your employees’ risk—of being compromised.

Video: a quick introduction to email fraud

Component ID : "accordionGridLayout-933735257"
Model : "disclaimer"
Position : "left"

Fraud Prevention 101 – Email Fraud

(Visual Description: Fraud Prevention 101: Email Fraud

Truist title and logo in the lower right corner.

Email fraud, avoid falling for this common trick into sharing sensitive information.

Definition reads: Email Fraud - A fraudulent email scheme performed by a dishonest individual, group or company in attempt to obtain money or something else of value.)

Companies experience email fraud when individuals click on a malicious link or provide personal information. 

(Visual Description: An example of a suspicious email from CEO memo <marky.shurtserberg@phase.book.com.ru> is shown on a computer screen. The email contains a button that reads “Meeting” which is clicked. A motion graphic follows to depict that the user’s computer has been compromised. 

The most common email scams appear to come from senior officers at your organization or from existing vendors. 

They can be difficult to differentiate from legitimate emails, especially as fraudsters become more sophisticated. 

Stay vigilant. If you see something suspicious, call the person who sent you the email and verify their request.

(Visual Description: Learn to keep your business safe

Truist logo and Truist Title appear in the center of page. 

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Disclosure:

Truist Bank, Member FDIC. © 2021 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.)

What is a business email compromise attack?

In a business email compromise attack, a fraudster impersonates or takes over the account of a trusted employee, vendor, or federal agency. Its success depends on how convincingly it can imitate the account being impersonated. If it works, your employees might hand over sensitive data (including passwords), transfer funds to criminals, or click malicious links that can compromise your computer network.

Adjusted losses for business email compromise attacks for 2023 totaled over $2.9 billion.Disclosure 2

Good news: Employee awareness is on the rise.

Almost 90% of employees know to be wary of unexpected email and 84% understand email attachments can contain malware.Disclosure 3 For those who don’t, training is key to building awareness and confidence.

Case study: Comparing email addresses helps pharmacy stop a BEC attack. When an order for $500,000 in prescription medications came in from a large medical center, pharmacy staffers carefully checked the details.Disclosure 4 Even though the paperwork looked valid, one employee noticed the email address didn’t match the one on file. When the employee called the medical center, a representative told them the order was a sham.

21,489 BEC complaints were filed with the FBI’s Internet Crime Complaint Center in 2023.Disclosure 2

Best practices and prevention

Anyone can be the target of business email compromise. Knowing what signs to look for—and what actions to avoid—can help keep your employees from falling victim. Here are some common strategies for preventing BEC attacks.

Train staff to double-check email addresses and message details.

BEC scammers often imitate the email addresses of real employees or business associates. The giveaway may be something as small as one- or two-letter inconsistencies in the username or a misspelled domain after the @. These imposter emails often express urgency, arrive at odd hours, appear to come from an executive or person of authority, and may request secrecy or reference an unfamiliar project.

Limit what you publicize about employees, roles, and email addresses.

Every BEC attack relies on access to employee details such as names, titles, and email addresses. Only share that information with trusted partners—and encourage them to report any suspected attacks, whether attempted or successful.

Require strong passwords and multifactor authentication.

Sometimes, hackers will take over the actual email account of someone you trust and then send emails directly from them. When used properly, passwords and multifactor authentication (MFA) can go a long way towards preventing this. Educate employees to create and protect strong passwords, change them regularly, and use MFA to provide an extra layer of security against password theft.

Make dual control a number one priority.

Implement dual control policies to help identify spoofs, inconsistencies, and other red flags that indicate BEC attacks. With dual control, two eagle-eyed experts in your company must approve any requests for sensitive information like banking details or credential sharing.

When in doubt, talk to Truist.
There are certain requests we will never make of our customers. If you’ve received an email, text, or voice message asking for private banking details like your account number, routing number, or PIN, reach out and alert your relationship manager. Our fraud prevention experts can help identify, report, and neutralize any phishing attacks.

FAQs on business email compromise

Component ID : "faq-1301646222"
Model : "faq"
Position : "left"

The quality of text, audio, image, and video impersonations created by generative AI varies but is constantly improving. In its early days, photorealistic reproductions of humans proved challenging, with AI often misplacing noses and adding extra fingers to hands. Today, the technology is advancing rapidly. And voice clones have been persuasive enough to trick targets into transferring millions of dollars to scammers.

Companies like Intel, Sentinel, and Microsoft already have products on the market to detect video and image deepfakes. Also in the works are potentially paradigm-shifting initiatives like McAfee’s Project Mockingbird. These and other cutting-edge systems use an array of techniques to successfully identify AI-powered audio impersonations.

This fraud strategy has the potential to threaten all industries. But the possibility for a large financial payoff from a single successful attack has made financial institutions and insurance companies hackers’ prime targets—and has led many big names in those industries to implement AI in cybersecurity countermeasures.

No. A wire transfer is a one-time, fast-moving, domestic or international transaction between two financial institutions that requires higher user fees and is capable of moving large sums of money. ACH transfers are similar but can be set up on a recurring basis, are exclusively domestic, typically move slower than wires, have minimal user fees, and are used in a wider range of transfers, such as bank deposits and peer-to-peer apps like Venmo and Cash App.

Electronic funds transfers, or EFTs, happen whenever money is digitally moved between banks. They occur without the intervention of bank employees, don’t require paper documentation, and are the most common form of bank transfer.

While recovering money from a completed wire transfer is nearly impossible, the transaction can be reversed—if it’s caught and stopped before your account has been debited.

At the federal level, contact the FBI’s Internet Crime Complaint Center (IC3) and the Federal Trade Commission. You’ll need to provide each with a copy of the initial communication—that is, the email (if you were phished) or voice transcript of a call (if you were vished). Also, contact the financial crime department of your State Identification Bureau, as well as local law enforcement.

Turn to professionals for protection.

To learn more about cybersecurity threats and the various types of fraud facing your organization, connect with one of Truist’s relationship managers.

Truist Purple PaperSM Digital Transformation

Learn how you can put advanced technology to work for your business.
Download the Purple Paper (PDF)
Client Success Stories

Supporting a future-focused advisory firm through accelerated growth

Helping a repair service entrepreneur flip the switch on business transition

Paving the way to growth for an infrastructure innovator

See all Client Stories

Related resources

    {0}

    {0}

    {2}
    {6}
    {7}
    {8}
    {9}
    {12}
    {10}
    {11}

    {3}

    {1}
    {2}
    {6}
    {8}
    {9}
    {10}
    {11}
    {14}
    {12}
    {13}
    {1}
    {2}
    {7}
    {8}
    {9}
    {10}
    {11}
    {14}
    {12}
    {13}

    Stay informed and get connected

    Looking for fresh thinking and new insights to help uncover opportunities for your business needs?

    Connect with a Relationship Manager

    Work with a partner who sees your vision and has the resources to help you achieve it. We’re ready to focus on the specific needs of your company—and where you are in your business lifecycle.

    *This form is for prospects. Truist clients should contact their relationship manager with inquiries related to commercial products and services.

    Contact us

    Helpful links

    Business Insights
    Truist Business Lifecycle Advisory
    Business Resource Center
    Sign up for monthly articles on Business Insights

    Sign up to receive our business insights, thought leadership, and client success stories that can help inspire your next bold business move.

    Please enter a first name
    Please enter a last name
    Please enter a valid email address
    Please enter a company name
    I'm also interested in: Please select a campaign option
    Component ID : "accordionGridLayout-1396148670"
    Model : "disclaimer"
    Position : "left"

    Disclosure 1Understanding Business Email Compromise,” United States Secret Service, accessed June 17, 2024.

    Disclosure 2Federal Bureau of Investigation Internet Crime Report 2023,” Federal Bureau of Investigation, 2023.

    Disclosure 32023 State of the Phish,” Proofpoint, 2023.

    Disclosure 4Business Email Compromise in the Health Sector,” HHS Cybersecurity Program, July 9, 2020.

    Disclosures

    Truist Bank, Member FDIC. © 2025 Truist Financial Corporation. Truist, the Truist logo, Truist Purple, LightStream, and the LightStream logo are service marks of Truist Financial Corporation.

    Equal Housing Lender

    Investment and Insurance Products:

    • Are Not FDIC or any other Government Agency Insured
    • Are Not Bank Guaranteed
    • May Lose Value

    TRUIST is a service mark of Truist Financial Corporation (Truist) and its affiliates.

    Services provided by Truist Financial Corporation (Truist) affiliates: Banking products and services, including loans and deposit accounts, provided by Truist Bank, Member FDIC. Trust and investment management services provided by Truist Bank. Securities, brokerage accounts and /or annuities offered by Truist Investment Services, Inc., an SEC registered broker-dealer, and member FINRA and SIPC, and a licensed insurance agency. Investment advisory services offered by Truist Advisory Services, Inc. and GFO Advisory Services, LLC, SEC registered investment advisers. Some insurance products offered by Truist Investment Services, Inc. Other insurance products offered by McGriff Insurance Services, LLC (McGriff), Kensington Vanguard National Land Services, LLC (Kensington Vanguard) and Crump Life Insurance Services, LLC (Crump). Truist Life Insurance Services (TLIS) is a division of Crump, Arkansas License #100103477. Variable insurance material is for broker-dealer or registered representative use only. Variable products distributed by P.J. Robb Variable (PJRV), LLC, Arkansas License #100110185. Member FINRA.

    McGriff, Kensington Vanguard, Crump, TLIS, and PJRV are not affiliated with Truist Financial Corporation or any of its subsidiaries.

    Truist Securities is a trademark of Truist Financial Corporation. Truist Securities is a trade name for the corporate and investment banking services of Truist and its subsidiaries. All rights reserved. Securities and strategic advisory services are provided by Truist Securities, Inc., member FINRA and SIPC. Lending, financial risk management, and treasury management and payment services are offered by Truist Bank.

    Mortgage products and services are offered through Truist Bank. All Truist mortgage professionals are registered on the Nationwide Mortgage Licensing System & Registry (NMLS), which promotes uniformity and transparency throughout the residential real estate industry. Search the NMLS Registry.

    Comments regarding tax implications are informational only. Truist and its representatives do not provide tax or legal advice. You should consult your individual tax or legal professional before taking any action that may have tax or legal consequences.

    "Truist Advisors" may be officers and/or associated persons of the following affiliates of Truist, Truist Investment Services, Inc., and/or Truist Advisory Services, Inc. Truist Wealth, International Wealth, Center for Family Legacy, Business Owner Specialty Group, Sports and Entertainment Group, and Legal and Medical Specialty Groups are trade names used by Truist Bank, Truist Investment Services, Inc., and Truist Advisory Services, Inc.

    Applications, agreements, disclosures, and other servicing communications provided by Truist Bank and its subsidiary businesses will be provided in English. As a result, it will be necessary for customers to speak, read and understand English or to have an appropriate translator assisting them. Please note that Truist provides translations of webpages, documents and disclosures as a courtesy and in the event of any inconsistencies or discrepancies between the English content and the translated content, the English content supersedes the translation. Truist offers phone support in Spanish at 844-4TRUIST (844-487-8478), option 9. For assistance in other languages, please speak to a representative directly.

    New York City residents:

    Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at http://www.nyc.gov/dca.

    Borrowers with Limited English Proficiency (LEP) needing information can use the following resources:

    The Consumer Finance Protection Bureau (CFPB) also provides additional resources for homeowners seeking payment assistance in select languages at: https://www.consumerfinance.gov/housing/housing-insecurity/help-for-homeowners/

    Site footer

    Footer Navigation

    Banking products
    About Truist
    Resources
    Support

    © 2025, Truist. All Rights Reserved.