You receive an email from a customer requesting you view a secure document or complete a Request for Proposal (RFP). The message came from someone you’ve interacted with before, but you weren’t expecting this request. The sender’s information appears to be legitimate, and your email filter didn’t flag it as suspicious, but who is really in control of the sender’s account?

Business email compromise (BEC) has become a prevalent tool for scammers. Many individuals and businesses fall victim to sophisticated email scams every day and it can prove costly. Here’s what you should look for, and what to do next.

 Signs of Business Email Compromise:

• The sender attempts to create a sense of urgency.
• The sender tries to get you to circumvent protocol.
• There is threatening language in the email.
• The sender requests you to wire money or change payment details.
• The sender is asking you to purchase gift cards or bitcoin.
• An attachment is included that you don’t typically receive, such as an invoice.
• The grammar and tone are not consistent with the sender.

 What To Do (And What Not To Do):

• Do not respond via email.
• Do not open any attachments or click any links.
• Do not complete the request.
• Reach out to the sender by phone to see if the request is legitimate.
• Always verbally confirm any email instructions to change payment instructions.