Regions Bank

Regions Bank: Doing More Today: Good stories. Better insights. More possibilities.

Category: Fraud Prevention

Guarding Your Inbox from Business Email Compromise

Understand the scam and learn how to help prevent it from happening to you or your business.

By Brandon Arnold | April 1, 2025

In today’s digital landscape, businesses are increasingly vulnerable to cyberattacks.

One of the most damaging threats is business email compromise (BEC). This sophisticated attack method exploits trusted communication channels to deceive businesses into transferring sensitive information (or sometimes money) to cybercriminals.

These cybercriminals impersonate a legitimate business contact – like an employee, executive, or a known vendor – to trick employees into sending money or divulging sensitive data. In some cases, they even gain access to use an employee’s email address.

To do this, an attacker needs to gather information about who they want to impersonate. They can do this in several ways.

    1. Basic Research – Attackers scour the internet for information about the target, including associated third parties and employees. All of this information is available on publicly accessible sites, including the company’s website, news articles and social media sites.
    2. Social Engineering – Using what the research turned up (employee details from social media, projects and relationships from news articles, and company information from its own website), attackers can then exploit human trust and behaviors to gain access to data, information or systems.

 

Once the cybercriminals have gained some basic knowledge about you and the company, they may use one or more of the following common attack methods to set up a BEC attack.

    1. Phishing – Using an email to deceptively gain information or access.
    2. Smishing – Similar to phishing but through text messages.
    3. Vishing – Similar to smishing and phishing but through phone calls.
    4. Email or Domain Spoofing – Attackers may use lookalike emails or domains to attempt to “authenticate” their identity.

 

Now that the cybercriminal has enough information to execute an impersonation, they may move forward with their biggest attack yet – business email compromise.

3 Common BEC Attacks

    1. Fraudsters use access to accounts at a vendor to monitor for an opportunity to “jump in” to the middle of a conversation and execute the attack. They’ll suddenly request a change and redirect emails to an external account. In some cases, they may request additional changes (new services, more users on the profile, etc.). These “nesting” attacks are effective because the email originates from a legitimate account, using the same email thread and the same signatures – it’s just that the attacker now controls the email account.
    2. Asking for an account update because “something has changed.” This could be things like a new account number for payments, a change to the payment method, or contact information.
    3. Impersonating a person of authority to request something they are unable to do due to “certain circumstances.” For example, a manager is facing an emergency and is unable to access their work computer/email to request a payment process or change so it’s requested through their “personal email.”
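
A mail filter or review script can flag two of the patterns above before a person acts on the message: a lookalike sender domain and an executive's name arriving from outside the company's domain. The sketch below is an added example, not code from Regions; the trusted domains, the executive name and the thresholds are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data: domains and names the organisation already trusts.
TRUSTED_DOMAINS = {"example-corp.com", "acme-supplies.com"}
EXECUTIVES = {"dana reyes": "example-corp.com"}   # display name -> real domain

# Characters commonly swapped so a domain looks right at a glance (assumed set).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(domain):
    """Fold look-alike characters ('1' for 'l', 'rn' for 'm') to one form."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m")

def check_sender(from_header):
    """Return the reasons this From header deserves a second look."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            close = edit_distance(domain, trusted) <= 2
            if close or skeleton(domain) == skeleton(trusted):
                flags.append(f"lookalike of {trusted}")
    real = EXECUTIVES.get(name.strip().lower())
    if real and domain != real:
        flags.append(f"executive name from outside {real}")
    return flags
```

An empty list does not mean the message is safe: in the first attack type the email comes from the vendor's real account, so sender checks pass and only a call to a verified number catches it.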


3 Tips to Prevent Becoming a Victim

    1. For sudden changes or suspicious requests – especially changes to payment accounts, users or contacts – validate that the request is real by contacting the requestor on a verified phone number. Do not call the number in the email or reply to the email, as you’ll likely be contacting the attacker.

      Remember: Stop, call and confirm.

    2. Be mindful of the information you share online.
    3. Consider the use of dual controls for transactions – an example is the “maker/checker” process where one individual initiates a request and then another reviews and approves.
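
Tips 1 and 3 can be enforced by the payment system itself rather than left to memory. The sketch below is an added example, not Regions' process or code: a vendor payment change is approved only after a call to the phone number already on file and a sign-off by someone other than the person who entered it. The vendor name, phone numbers and user names are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed vendor master data: this number was verified at onboarding.
PHONE_ON_FILE = {"acme-supplies": "+1-205-555-0100"}

class ControlViolation(Exception):
    """A step that would bypass the control."""

@dataclass
class PaymentChange:
    vendor: str
    new_account: str
    maker: str                    # person who entered the request
    phone_in_request: str         # number given in the email: untrusted
    callback_number: Optional[str] = None
    checker: Optional[str] = None
    status: str = "pending"

def record_callback(change, number_dialed):
    """Stop, call, confirm: only a call to the number on file counts."""
    if number_dialed != PHONE_ON_FILE.get(change.vendor):
        raise ControlViolation("callback must use the verified number on file")
    change.callback_number = number_dialed

def approve(change, checker):
    """The checker must be a different person and a callback must exist."""
    if checker == change.maker:
        raise ControlViolation("maker cannot approve their own request")
    if change.callback_number is None:
        raise ControlViolation("no verified callback recorded")
    change.checker, change.status = checker, "approved"
    return change.status

def process(change, number_dialed, checker):
    """Apply both controls; return the status or the reason for rejection."""
    try:
        record_callback(change, number_dialed)
        return approve(change, checker)
    except ControlViolation as exc:
        change.status = "rejected"
        return f"rejected: {exc}"
```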

 

“If something doesn’t look right, trust your gut,” says Jeff Taylor, Head of Commercial Fraud Forensics for Regions Bank. “Before you fall victim, implement an internal control to confirm all payment requests or changes to an existing payment.”

 

Additional Resources from Regions.com

  • Regions Fraud Prevention
  • Protect Yourself and Your Accounts from Fraud
  • Protect Your Business Against Fraud

 

Related Articles from Doing More Today

  • Website Spoofing: The Pain of Look-Alike Domains
  • Beware Cryptocurrency Investment Scams
  • 4 Common Tax Frauds

 

The information presented is general in nature and should not be considered legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud.