Business Email Compromise (BEC), also known as Email Account Compromise (EAC), CEO Fraud, W-2 Phishing, payroll diversion schemes, or Business Email Spoofing are highly-developed and rapidly growing scams. Criminals use targeted phishing, email, and other electronic communications to deceive a high-level employee, company owner, or executive. Criminals phish for the authority credentials to request and release confidential data and payments or gain access to employee payroll and/or W2 information, to perform wire transfer payments.

W-2’s include a plethora of sensitive and personal data along with financial details such as social security numbers, addresses, wages and tax information, which can provide enough information to carry out identity theft or tax fraud.

How Does it Work?
Once the “fake” identity has been established, criminals use information to change banking information and/or pending transactions. Criminals utilize the identity to request different payments and/or amounts and obtain employee payroll records.

In the case of a wire transfer, once the fake identity has been set up, a high-dollar fund transfer is requested to release a wire transfer. Typically, the offender uses email as their form of communication, however phone calls, faxes, and fake invoices have also been successfully used to request the money. Typically, these crooked schemes result in substantial losses. According to the FBI, over $3 billion has been reported in BEC losses and scams since 2013.

Who Has Been Targeted?
Criminals use fake emails and business “look-alike” documents to impersonate the company executive to acquire information. The latest threat has been to target small to large size businesses, including those in the healthcare sector.

Other top targets have been:

  1. Real estate industry
  2. Third-party payroll services
  3. Government
  4. Manufacturing

Warning Signs & What to Look For:

  • The email requests to change the established payment procedure or banking deposit instructions.
  • Messages with a sense of urgency.
  • The requestor hints he/she will be traveling or out of the office and unavailable for contact.


  • Require secondary verification for any payment request or any change to existing accounts.
  • Verbally verify with executive and/or decision maker regarding wire transfer and payment requests.
  • Use long phrases and complex passwords.
  • Install intrusion detection system filters that flag emails with similar company email extensions.
  • Educate and train employees on BEC threats and what to look for in phishing emails.
  • Avoid clicking on links or attachments in emails.

What to Do and Steps to Follow if You Become a Victim

  • Contact financial institution immediately upon notice of fraudulent activity and/or transfer.
  • Contact financial institution immediately to begin a recall.
  • Contact local FBI Office.
  • File complaint with the FBI’s Internet Crime Center at
  • Change all email login credentials and passcodes.
  • Change banking passcodes, pins, and security questions.
  • Save all emails and evidence pertaining to BEC scam.
  • Forward W-2 Phishing emails for the IRS at