Resource Corner

5 Red Flags for Business Email Compromise (BEC)

Here are five red flags to look out for to protect your business against BEC.


Look out for these 5 red flags in your emails to protect your and your business against Business Email Compromise (BEC).

Suspicious Email Address of the Sender
The email address of the sender(s) can mimic legitimate businesses. Threat actors often leverage email addresses that resemble reputable organizations but alter or omit a few letters and numbers.

Generic Greetings and Signatures
Lack of contact information in an email signature block, or generic greetings such as "Sir/Ma’am" or "Dear Valued Customer" are strong indicators of a phishing email.

Misspelling and Layout
Odd sentence structure, misspellings, poor grammar, and inconsistent formatting are strong indicators of a potential phishing attempt.

Spoofed Websites and Hyperlinks
When hovering a cursor over links in the body of an email, if links do not match, the link may be spoofed. Malicious variations from legitimate domains leverage different spellings or domains such as .net, vs .com. Other tactics include the usage of URL shortening services to conceal the true destination of links.

Suspicious Attachments
Unsolicited emails which request users to open or download attachments are common delivery mechanisms for malware.

To learn more common indicators and red flags, read the full article here.

All content is for informational purposes only and does not constitute legal, tax, or accounting advice. You should consult your legal and tax or accounting advisors before making any financial decisions.