Skip to Content
Bank of America Coronavirus Resource Center See details
Email
Contact us
Menu

Be cyber-secure: Beware of these business email scams

Steps you can take to defend against phishing, smishing and other forms of cyber threats

CYBER CRIMINALS SEND OUT a staggering number of phishing emails to businesses every year. They’re trying to trick employees into revealing proprietary and confidential data or taking an action that will benefit the criminals—and harm your business. They often use a tactic called spoofing—impersonating a legitimate business or person—in an attempt to fool employees into clicking a link, opening an attachment, changing account information or conducting a financial transaction. Such phishing attempts are usually called smishing when cyber criminals use SMS or messaging apps.

What is business email compromise? Here’s how cyber criminals can defraud your business and gain access to corporate and customer records. Illustration of a man wearing a suit, glasses and a hood sitting at a computer, and emails flying out of it.
A cyber criminal sends a fraudulent email that appears to come from a senior executive, a familiar vendor or other trusted source. Illustration of a man wearing a suit, glasses and a hood sitting at a computer with an arrow pointing out of it, signifying a sent email.
The email requests that the receiver take immediate action…. Illustration of an email with a red exclamation point, and an arrow pointing from it to two computers, one with a male and one with a female icon.
The recipient falls for the scam…. Illustration of an email pointing to a computer that has turned red, signifying a user that has opened a fraudulent email.
Text reads: and processes the payment or transfers money to a fraudulent account. Illustration of a red computer that has opened a fraudulent email, pointing to a bank with money on the outside of it.
The money goes to the cyber criminal. Illustration of a man wearing a suit, glasses and a hood sitting at a computer, with money.
The email may also contain malware, which if opened, allows the cyber criminal to steal vital company information, including customer records, for use in a future BEC attempt. Illustration of a man wearing a suit, glasses and a hood sitting at a computer, with files labeled confidential.

Clicking those links or opening those attachments can automatically install malware, which, depending on the type, could give the criminals access to your computer or device, install ransomware (in which malware infiltrates your system and cyber criminals hold your business hostage until a fee is paid), and even allow them to burrow further into your company's servers or the cloud. Let them in and they could steal your company’s confidential information and destroy the reputation you’ve worked hard to build with customers.

While the impact of such a business email compromise (BEC) can seem overwhelming, there are things you can consider doing to help protect your business, your customers and your employees from email scams. Consider these best practices:

  • Avoid clicking on links or attachments from untrusted sources.
  • Educate employees to be alert to emails, messaging and phone calls that may be fraudulent.
  • Use verified contact information from within the company’s internal contact management system when verifying requests to change information or transfer funds.
  • Require multiple-person approvals for account and financial change requests.
  • Encourage employees to ask questions and challenge suspicious activity before acting on requests.

For tips on what to do if you think your business has experienced a cyber event, download Cyber-Security Checklist: Consider Taking These Steps If Your Business Has Been Targeted and share it with your employees.

Related Insights

red wire computer lock resting on a keyboard red wire computer lock resting on a keyboard

Be cyber-secure: Hone your password security writing with a quiz

A person tapping the navigation bar on a laptop with strands of 1-0 code in foreground. A person tapping the navigation bar on a laptop with strands of 1-0 code in foreground.

How cyber criminals engineer deception online

Investing involves risk. There is always the potential of losing money when you invest in securities.

 

Asset allocation, diversification and rebalancing do not ensure a profit or protect against loss in declining markets.

 

Neither Bank of America Private Bank nor any of its affiliates or advisors provide legal, tax or accounting advice. You should consult your legal and/or tax advisors before making any financial decisions.

 

Credit and collateral subject to approval. Terms and conditions apply. Programs, rates, terms and conditions subject to change without notice.

 

Bank of America Private Bank is a division of Bank of America, N.A., Member FDIC and a wholly owned subsidiary of Bank of America Corporation (“BofA Corp.”).

 

Trust and fiduciary services and other banking products are provided by wholly owned banking affiliates of BofA Corp., including Bank of America, N.A.

Connect with us: 1.800.878.7878

Investment products:

Are Not FDIC Insured
 Are Not Bank Guaranteed
 May Lose Value



Bank of America, N.A., and U.S. Trust Company of Delaware (collectively the “Bank”) do not serve in a fiduciary capacity with respect to all products or services. Fiduciary standards or fiduciary duties do not apply, for example, when the Bank is offering or providing credit solutions, banking, custody or brokerage products/services or referrals to other affiliates of the Bank.

 

Bank of America, N.A., Member FDIC. Equal Housing Lender House icon

©  Bank of America Corporation. All rights reserved.

3313712-EXP-2021-11-03

Connect with us: 1.800.878.7878

TOP
X
Continue Return to
Bank of America Private Bank