
Threat: Business Email Compromise


Business Email Compromise (BEC) Risks and Mitigation

Business Email Compromise (BEC) is a type of cybercrime where attackers use email fraud to trick individuals into transferring funds or sensitive information to unauthorized recipients. BEC attacks often target businesses and can result in significant financial losses and reputational damage.

Risks of Business Email Compromise

  • Financial Losses: Unauthorized fund transfers or payments.
  • Data Breaches: Disclosure of sensitive information such as customer data or financial records.
  • Reputational Damage: Loss of trust from customers and stakeholders.
  • Legal Consequences: Violation of regulations and potential legal liabilities.

Best Practices to Mitigate BEC Risk

1. Verify Email Requests: Always verify email requests for fund transfers or sensitive information, especially if they seem unusual or urgent. It's best to confirm the request by calling a trusted phone number.
2. Implement Two-Factor Authentication (2FA): Enable 2FA for email and financial accounts to add an extra layer of security.
3. Train Employees: Provide regular training and awareness programs to educate employees about BEC scams and how to recognize suspicious emails.
4. Use Secure Communication Channels: Use encrypted channels or secure communication platforms for sensitive transactions and discussions. If sending an email to First National Bank, please do not include any sensitive account or transaction information. 
5. Maintain Strong Passwords: Enforce strong password policies and regularly update passwords for email and financial accounts.
6. Monitor Account Activity: Monitor financial accounts regularly for any unauthorized transactions or suspicious activities. First National Bank offers Positive Pay, which monitors your accounts for ACH and check fraud. 


These suggestions are not meant to be an exhaustive list and do not guarantee safety. They are merely provided as a courtesy to our customers. The information provided on this webpage is for educational purposes only and does not constitute legal or professional advice. It is recommended to consult with a qualified cybersecurity professional or legal advisor for specific guidance on addressing cybersecurity threats in your organization.
