Business Email Compromise continues to be the biggest threat to our financial system. It is one of the most financially damaging online crimes, exploiting the fact that so many of us rely on email to conduct business – both personal and professional.

In a BEC Scam, criminals send an email message that appears to come from a known source making it look like a legitimate payment request.

For example:

  • Have you received an email request from the CEO or the Owner to send a payment today… maybe they aren‘t unable to speak to you on the phone?
  • Or an email request from your vendor or supplier about a late payment.
  • maybe an email request to change payment method from checks to electronic with the bank information included.

A scammer may spoof an email account or weblink… so you must stay alert. They may use malware preinstalled from a previous incident and wait until the right time to request a payment.

But the biggest threat we have seen is your trusted vendor, who is also a victim of a BEC scam. This time you are the target of a sophisticated attempt to use a previous email chain with a reply message that includes new payment instructions. The email appears to be legitimate; the website directs you to your trusted partner site and the contact information is the same, but are you really communicating with the right person?

Here are some helpful tips to mitigate a financial loss due to Business Email Compromise:

  1. Train your employees against email threats.
  2. Implement company policies for changes to vendor payment options, contact information & bank account updates.
  3. Implement controls such as dual control & two-factor authentication when processing electronic payments.
  4. Add special messaging indicating the email is from an external source.
  5. And finally, simply pick up the phone to verbally confirm the request to ensure you are speaking with the correct party.

These are just a few tips on what you can do to ensure the payment request is legitimate.

Remember payments are moving faster and faster with each advancement in technology, so we must remain vigilant against acting on just email or text communication…. again… pick up the phone and speak to someone. Preventing a fraud attempt is worth the call!

NDBT logo

Please select a branch

NDBT logo


We are currently converting to a new Digital Banking System. Login to online banking will be available again at 8am CDT Tuesday, May 7.

Account sign up:

Please pick your Account type:

Please Be Aware

Email messages are not always secure. We are not responsible for the confidentiality of communications sent to us via email. Generally, our security software does not encrypt email messages, unless we specifically send you a message via ShareFile. Email messages traveling across the Internet can be subject to viewing, alteration and copying by anyone on the Internet. Always exercise caution when submitting financial or personal information via email. Existing customers should always send confidential information through the secure portal located inside of their online banking session.

Please Be Aware

This link will take you away from NDBT‘s website and will redirect you to another site outside our domain. NDBT makes no endorsements or claims about the accuracy or content of the information contained in these sites and the security and privacy policies on these sites may be different than those of NDBT.