Skip to Content

Be cyber secure: Beware of these common business scams

Steps you can take to help defend yourself against phishing and other cyber threats

A woman looks intently at her computer screen.

CYBER CRIMINALS SEND OUT a staggering number of phishing emails to businesses every year. They’re trying to trick employees into revealing proprietary and confidential data or taking an action that will benefit the criminals — and harm your business. They often use a tactic called spoofing — impersonating a legitimate business or person — in an attempt to fool employees into clicking a link, opening an attachment, changing account information or conducting a financial transaction. When these phishing attempts use SMS or messaging apps, they are often called “smishing.”

What is business email compromise? Here’s how cyber criminals can defraud your business and gain access to corporate and customer records
Text reads: A cyber criminal sends a fraudulent email that appears to come from a senior executive, a familiar vendor or other trusted source. Illustration of a man wearing a suit, glasses and a hood sitting at a computer with an arrow pointing out of it, signifying a sent email.
The email requests that the receiver take immediate action…
The recipient falls for the scam…
and processes the payment or transfers money to a fraudulent account.
The money goes to the cyber criminal.
The email may also contain malware, which if opened, allows the cyber criminal to steal vital company information, including customer records, for use in a future BEC attempt.

Clicking those links or opening those attachments can automatically install malware, which, depending on the type, could give the criminals access to your computer or device, install ransomware (in which malware infiltrates your system and cyber criminals hold your business hostage until a fee is paid), and even allow them to burrow further into your company's servers or cloud storage. Let them in and they could steal your company’s confidential information and destroy the reputation you’ve worked hard to build with customers.

While the impact of such a business email compromise (BEC) can seem overwhelming, there are things you can consider doing to help protect your business, your customers and your employees from email scams. Consider these best practices:

  • Avoid clicking on links or attachments from untrusted sources.
  • Educate employees to identify and report emails, messaging and phone calls that may be fraudulent.
  • Use confirmed contact information from within the company’s internal contact management system when verifying requests to change information or transfer funds.
  • Require multiple-person approvals for account and financial change requests.
  • Encourage employees to ask questions and challenge suspicious activity before acting on requests.

For tips on what to do if you think your business has experienced a cyber security event, download “Cyber security checklist: Consider taking these steps if your business has been targeted,” and share it with your employees.

 

Stay connected, stay protected

To help keep your Bank of America account information safe and secure, make sure your contact information is up to date and set up security and account alerts so we can stay in touch. Remember, if we need to reach out to you, we'll NEVER ask for personal or financial information or an access code through email, text or unsolicited calls. Visit our Security Center for tips on how to recognize potential scams and learn more about how to keep your accounts safe.

 

Neither Bank of America nor its affiliates provide information security or information technology (IT) consulting services. This material is provided “as is,” with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your particular IT system or information security concerns, please contact your IT or information security advisor.

Related Insights

Business owners checking emails while sitting outside in a cafeteria.

Be cyber secure: Ways to protect your business and your customers

red wire computer lock resting on a keyboard

Be cyber secure: Hone your password-writing skills with this quiz

TOP