Business Email Compromise (BEC) & CEO Fraud Training

Wires settle fast and are nearly impossible to claw back. By inserting themselves into a real email thread, attackers piggyback on existing trust and timing.

• BEC was the costliest cyber-enabled crime tracked by the FBI in 2023, with over $2.9 billion in adjusted losses (FBI IC3 2023).
• Real-estate wire fraud — fake closing instructions sent to homebuyers — caused over $446 million in losses in 2022 (FBI IC3).
• The FBI's Recovery Asset Team recovered roughly 71% of attempted-fraud funds when victims reported within 72 hours via IC3 (FBI 2023).

• Last-minute change to wiring instructions from a 'title company,' 'attorney,' 'escrow,' or 'vendor.'
• Reply-To address differs from the From address, or the domain has a swapped letter.
• CEO/CFO 'urgent and confidential' wire request that bypasses normal process.
• Vendor invoice with a new remit-to bank account.
• Email-only confirmation; refusal to talk on the phone.

• Add a mandatory call-back step on a known phone number for every wire above a threshold you set.
• Treat any change to bank details as suspicious by default until verbally confirmed.
• Inspect domains carefully for swapped letters ('rn' vs 'm', '0' vs 'o').
• Use unique, business-only email addresses for closings and large transactions.

• Call your bank within 24 hours and request a SWIFT recall and 'Hold Harmless' letter.
• File at IC3.gov within 72 hours so the FBI Recovery Asset Team can attempt a financial freeze.
• Notify your local FBI field office and, for real estate, your title insurer.
• Preserve original emails with full headers — they are needed for any investigation.