As businesses have become more reliant on technology, online payment fraud has become a common problem. Business email compromise (BEC)—also known as email account compromise (EAC)—is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business—both personal and professional. In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request, like in these examples:

  1. A vendor your company regularly deals with sends an invoice with updated banking information.
  2. An employee asks their employer to change the bank account where direct deposit payments have been made.
  3. A homebuyer receives a message from his title company or his attorney with instructions on where to wire his down payment.

Many versions of these scenarios have happened to real victims. All the messages were fake and in each case, thousands—or even hundreds of thousands—of dollars were sent to criminals instead. Here are some essential steps to safeguard your transactions and sensitive information:

  1. Verify the Sender.  Always double-check the sender’s email address to ensure it exactly matches their official domain or the exact email address of the appropriate individual at the company or individual that you have been dealing with. If you receive an email from an address that does not exactly match the email address that you typically communicate with or you receive an email from an unfamiliar or suspicious address claiming to be from a familiar source, exercise caution.
  2. Confirm via Phone. In cases of doubt, contact the appropriate party using the official contact information that you have dealt with in the past. Speak directly to the appropriate party to verify the legitimacy of any payment request.
  3. Educate Your Team. If you have authorized personnel responsible for handling payments within your organization, ensure they are aware of the importance of verifying payment requests.
  4. Report Suspicious Activity. If you receive a suspicious email, report it to your security team or IT professional immediately.

If you and your company follow these precautions, you will be able to minimize the possibility of becoming a victim to an online payment fraud scheme.