Email Fraud: A Survival Guide

Here are a few ways to spot the telltale signs of a fraudulent email, and what to do if you’ve been the victim of a scam.

In today’s technology-driven world, email is key to conducting business successfully. That means it’s important to be wary of business email compromise (BEC). While you may think your business isn’t a target, email fraud criminals have targeted businesses of all kinds and sizes—from school systems to large-scale corporations.

“It is absolutely imperative that businesses become more educated around threats that can come via simple email,” says Jeff Taylor, Senior Vice President and Head of Treasury Management Core Products & Services at Regions Bank. There are two common ways that business email can be compromised.

Email-borne Malware

Malware (malicious software) encompasses any number of codes written to “hack” into your business’s computers or network. Think of the process like a Trojan horse, says Taylor. Email fraud hackers use a seemingly harmless email to introduce software into your computer via a link or an attachment. Once it’s in, the malware can spread to other computers on your business’s network or to your servers.

The specific type of software depends on what the email fraud hackers are trying to accomplish. For example, they may introduce a program that records every key you press. These keystroke loggers can capture banking transactions or record all of your usernames and passwords.

Fake Vendor Email

Email fraud hackers can also attack your company by infiltrating or posing as a company with which you do business. Once they have access to one of your vendor’s systems, they may hack the vendor’s email accounts or create accounts that look like your vendor’s. From there, they might send you a seemingly official email, such as a “vendor change of terms.” These emails often ask that you send your regular wire payment to a new bank account and routing number.

If You’ve Been Attacked

If you think you’ve been victimized, contact law enforcement and your bank immediately. File a report with your local police about the email fraud, but know that cybercrimes are often the jurisdiction of the FBI. You can submit claims online to the Internet Crime Complaint Center at

“Document everything that happened,” says Taylor. “It will help you avoid the same attack again.”

Proper preparation using cybersecurity processes and education is the best way to prevent these attacks.


On a scale from 1 to 5, with 1 being 'Not Good' and 5 being 'Excellent', how would you rate this article?

Press enter to submit your rating

Rate this Article

Use this form to provide additional feedback based on the rating you provided.

Thanks for Rating

Would you like to provide feedback?

Thanks for your feedback!

This information is general in nature and is not intended to be legal, tax, or financial advice. Although Regions believes this information to be accurate, it cannot ensure that it will remain up to date. Statements or opinions of individuals referenced herein are their own—not Regions'. Consult an appropriate professional concerning your specific situation and for current tax rules. Regions, the Regions logo, and the LifeGreen bike are registered trademarks of Regions Bank. The LifeGreen color is a trademark of Regions Bank.