Business Email Compromise is the Most Common Type of Payments Fraud

Successful Business Email Compromise fraud attacks can not only negatively impact a company’s reputation, but the potential financial loss can be detrimental.


With the shift in workforce flexibility, many people are working remotely nowadays, which means more business is being done electronically. While processes, systems, communication and overall operations may have changed, an unfortunate consistency for your payables department is payments fraud. Understanding its prevalence and acting upon its threat is more important than ever. The Association for Financial Professionals (AFP) recently released their 2021 Payments Fraud and Control Survey Report1, and it shows Business Email Compromise (BEC) remains the most common way businesses become victims of fraud.

BEC occurs when someone falsifies a legitimate email address to authorize the transfer of funds to accounts managed by criminals. Seventy-six percent of organizations report they were targets of BEC in 2020, while 62% indicate that BEC is the primary source of fraud attacks at their organizations. Scammers will target businesses of all sizes which is why it’s important to understand the threat.

Although there has been an overall decline in payments fraud activity, from 81% in 2019 down to 74% in 2020, BEC attacks continue to be on the rise.


When it comes to Business Email Compromise, criminals are doing their research. They not only find information on a company, they target the details of payments being made — often including payment type, amount and frequency. Once information is collected, a falsified email address is used to send an email communication with what seems like a legitimate request from a trusted vendor or member of a company’s executive team. The individual at the company authorizes and releases the payment, potentially resulting in a financial loss. The most common sources of BEC are:

  1. Emails from third parties requesting bank changes, payments instruction, etc.
  2. Emails from fraudsters posing as senior executives requesting transfer of funds
  3. Emails from fraudsters impersonating as vendors

Our Commercial Banking Team is ready to help your business grow

Find a Banker


Or let us contact you.


As reported by survey respondents, understanding common payment targets is essential:


As we notice that ACH transactions are a more popular payment method to target, the shift can be attributed to the fact ACH payments are an easier touchpoint for scammers while checks are used less often. Many businesses use ACH to pay their bills versus wire transfers which can be a costlier transaction type, keeping companies susceptible to email fraud.


While it makes sense that the Accounts Payable department would be targeted most frequently, it may also be surprising to know that other departments are commonly targeted:


To help protect against BEC, companies are implementing more secure procedures, and are better utilizing available tools and resources. Respondents shared the following top five methods being implemented to limit their exposure:


A successful BEC attack can significantly impact a company’s finances, but other threats such as loss of confidential information belonging to the company, their vendors and/or their customers can be just as damaging. The backlash from that alone can ruin a company’s reputation.

To help protect against payments fraud, regardless of type, businesses identified key solutions:

Employing fraud mitigation best practices, products and services such as Check and ACH Positive Pay, Commercial and/or Virtual Cards, account blocks, and more, can validate payments and stop fraudulent transactions. Doing so will only help your business keep moving forward, especially during a time of so much uncertainty.

Ready to evaluate your business’s protection plan? Contact us today!


12021 AFP Payments Fraud and Control Survey Report.