How to Protect Yourself from Business Email Compromise

professional team doing cybersecurity training

Business Email Compromise (BEC) scams continue to increase worldwide, targeting companies of all sizes and revenue.

Even companies like Facebook, Google, and Toyota have been targeted, so now is the time to ensure your business is taking protective measures.
 

What is Business Email Compromise?

Business Email Compromise is a type of phishing scam in which fraudsters try to hack, spoof or impersonate business email addresses. They may change one letter or number in a familiar email address to make their scam appear legitimate.

Example: [email protected][email protected]

Scammers may send emails to employees in an attempt to gain credentials or convince someone to send a fraudulent wire. They may also send an email that appears to be from a known third party such as a vendor.

Scammers have also been known to send an email to customers, posing as the legitimate business, in an attempt to obtain their payment information or other sensitive information.
 

How do I recognize a Business Email Compromise scam?

BEC scams are often difficult to spot, but there are a few red flags to be on the lookout for. Common signs of BEC messages include:
  • The message is brief, urgent, and presses you to bypass normal policies and procedures;
  • The request appears to from an executive, vendor or other partner that is outside of the norm;
  • A request for sensitive employee, payroll or company information;
  • Emails have misspelled words or poor grammar;
  • Unexpected attachments sent by email;
  • Emails sent after business hours or on weekends, holidays, or other nonstandard business days.

Carefully check the email address of the sender to ensure it’s legitimate. Since they can be just one character off, spoofed email addresses can be easy to miss.
 

How to protect against Business Email Compromise


As with any type of fraud, verifying information before sharing sensitive information or sending payments is a key step. Pay close attention to all emails to ensure they are from a known source.

When in doubt, do not click links within an email or open attachments.

If you receive new payment instructions from someone you submit payment to on a regular basis, confirm the new instructions with that individual or company in person or over the phone using contact information you’ve previously used.

Steps to take in the event of fraud or loss due to BEC

Icon for Steps to take in the event of fraud or loss due to BEC
Icon for Steps to take in the event of fraud or loss due to BEC
If fraud or loss does happen as a result of responding to a BEC email with sensitive information, there are a few steps to take:
  • Report it to your organization’s IT/cybersecurity team.
  • Call us at (877) 840-8588 so that we can take the necessary precautions to secure your SouthState accounts.
  • Change passwords for email and financial accounts.
  • Review account statements for any suspicious activity.
  • Contact the police and file a report.

As a reminder, please contact our Treasury Management Support team at [email protected] or (877) 840-8588 should you ever have concerns about the safety of your account(s).

 

  • This content is general in nature and provided for informational use only. Content may be used in connection with the advertising and marketing of products and services offered by SouthState Bank, N.A. and its subsidiaries and affiliates. This is not to be considered legal, tax, accounting, financial or investment advice. You should seek individualized advice from personal financial, legal, tax and/or other professionals, as appropriate depending on the specific facts of your situation. We do not make any warranties as to the completeness or accuracy of this information and have no liability for your use of this information.

Secure Log In

Close mobile menu
Login Error

Your username is valid but has a problem. Please call customer support

Our website uses cookies to ensure your online experience is as informative and relevant as possible. Please review our Privacy Policy to learn more about the information we collect.