Resource Corner

How to Respond and Develop a Plan for BEC

Learn how to develop a response plan for Business Email Compromise (BEC)


The sooner you report a BEC attack, the better your chances of recovering losses. Be sure to have a plan in place to immediately notify your financial institution of the fraud.

  • For international wire transfers over $50,000, call your regional FBI office ( and local police.  The FBI offers a Financial Fraud Kill Chain (FFKC) process to help recover large international wire transfers stolen from the United States.  The FFKC is intended to be utilized as another potential avenue for U.S. financial institutions to get victim funds returned.
  • Any wire transfers that occur outside of these thresholds should still be reported to law enforcement ( but the FFKC cannot be utilized to return the fraudulent funds. 
  • The plan should also include quickly engaging your IT and information security staff to determine if there has been a network or email compromise.
  • Prepare any reports and notifications required by regulation, law, or policy and deliver as appropriate.
  • Prepare lessons learned reports and socialize as appropriate according to your site’s incident response policies.
  • Share incident details and lessons learned with appropriate management, board-level, or committee-level members.
  • Implement additional controls to minimize the risk of future attacks.

All content is for informational purposes only and does not constitute legal, tax, or accounting advice. You should consult your legal and tax or accounting advisors before making any financial decisions.