Email compromise is a form of fraud perpetrated on consumers and businesses in an attempt to get you to send funds transfers, ACH transfers and/or check payments. Email compromise perpetrated on consumers is known as Account Email Compromise or AEC. Email compromise perpetrated on business customers is known as Business Email Compromise or BEC.
The fraudsters find their targets primarily through social media, publicly available company email accounts or social engineering. After the email addresses are harvested, a series of phishing or malware attacks are sent hoping a recipient will click on a hyperlink or open an infected attachment that will allow control of the email account.
If successful, the criminals will divert email conversations so that they are in total control without the victim knowing. They gain access to past email history and the victim’s contacts and customers. For BEC schemes they will target higher level employees within an organization that have funds transfer authority. They will send instructions from the compromised email address to send funds transfers, change payroll account numbers, create new ACH and Bill Pay recipients, or request cashier checks.