Business Email Fraud

Avoiding a business email compromise


Phishing scams can result in major financial loss

There is no shortage of challenges to running a successful businesses. Business owners must hire the right employees, meet the changing needs of their customers and find new opportunities for growth. This must all be done while protecting the business from the ever-increasing threat of fraud. One particular scam is on the rise: business email compromises. The FBI says that there were $2.4 billion in losses due to this type of email fraud in 2021 alone. We’ve compiled information to help you avoid becoming a victim and experiencing a financial loss.

What is a business email compromise scam?

A business email compromise is a form of phishing, the act of obtaining financial information illegally through deceptive communications. Fraudsters will send an email appearing to come from a company executive or vendor that includes some form of request for money or information. This could be a fake invoice with updated payment information. Recipients who fall prey to this scam may wire funds or share sensitive information believing that they are fulfilling the request of a superior. These scams will often be attempted around holidays when it is common for people to take time off. Just one instance of an email compromise can result in irreparable financial loss.

How to protect your business from a phishing scam

Follow these steps to help reduce the chances of an employee becoming a victim of a phishing attack:

  • Educate and train your employees to recognize, question and independently authenticate changes in payment instructions and payment methods, including ACH and wire transfers, especially when they feel pressured to act quickly or secretively.
  • Verbally authenticate any changes via the telephone.
  • Review accounts frequently.
  • Initiate payments using dual controls.
  • Never provide passwords, usernames, authentication credentials or account information when contacted. Oklahoma Fidelity Bank will never ask you to provide your social security number, account numbers or other confidential information via email or text message.
  • Never post nonpublic business information on social media.
  • Avoid using free, web-based email accounts for business purposes.
  • Do not use the “reply” option when authenticating emails for payment requests. Use the “forward” option, and type in the correct email address or select from a known address book.

What to do if you become a victim of a business email compromise?

If you believe that your business has been exposed to a business email compromise, it is critical to act quickly. Contact your banker, email or call 1-800-757-0464 to report the situation. Note, do not send personal or confidential information to We will do everything we can to help minimize the impact and help prevent future loss.

To learn more about other security issues and threats to your business or personal finances, visit our Security Center. We stand ready to serve.