We here at NDBT have always held the belief that our
customer’s cyber safety is paramount. Education and awareness of cyber
fraud is more than important than ever due to the unfortunately growing
industry. October is National Cybersecurity Awareness month, and in that
spirit, we would like to familiarize you with a scam called Business Email
Business email compromise (BEC) is one of the most prevalent online scams. It exploits the fact that so many
of us rely on email to conduct business- both personal and professional.
In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate
request, like in these examples:
- A vendor your company regularly deals with sends an invoice with
updated banking instructions for wire transfers.
- A company CEO asks her assistant to purchase dozens of gift
cards to send out as employee bonuses. She asks for the serial
numbers so she can email them out right away.
- A homebuyer receives a message from his title company with
instructions on how to wire his down payment.
Fraudsters create versions of these scenarios and attack the most vulnerable piece of our technology
infrastructure- the human employee.
How to Protect Yourself
- Be careful with what information you share online or on social media. By openly sharing things like pet
names, schools you attended, links to family members, and your birthday, you can give a scammer all the
information they need to guess your password or answer your security questions.
- Don’t click on anything in an unsolicited email or text message asking you to update or verify account
information. Look up the company’s phone number on your own (don’t use the one a potential scammer is
providing), and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight
differences to trick your eye and gain your trust.
- Be careful what you download. Never open an email attachment from someone you don't know, and be wary of
email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
- Verify payment and purchase requests in person if possible or by calling the person to make sure it is
legitimate. You should verify any change in account number or payment procedures with the person making the
- Be especially wary if the requestor is pressing you to act quickly.
How to Protect Yourself. Retrieved from https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-email-compromise.