What's a business email compromise scam?

This is when fraudsters send an email appearing to be someone you know and trust — typically a colleague, manager or vendor. Fraudsters use a slight variation of the original email address. The email seems like a legitimate request that tricks you into transferring money to the fraudster or sharing confidential information. Fraudsters rely on impersonation and social engineering tactics to carry out different versions of the scam.

Types of business email compromise scams

The fraudster impersonates a vendor the business regularly deals with and sends an invoice with updated banking information.

The fraudster impersonates a manager and asks an employee to purchase multiple gift cards for clients. The fraudster requests the employee to send the gift card serial numbers as soon as possible.

Warning signs of business email compromise scams

  • Urgent requests that are brief and encourage you to avoid normal procedures
  • Grammar and spelling errors or design inconsistencies
  • Language that's unusual for a vendor
  • Emails from personal accounts, like Gmail or Hotmail, instead of an organization's account
  • Emails are sent from a high-level executive who asks for information that seems strange

Stay safe with our tips

  • Always keep personal and business information confidential. 
  • Train employees to identify the signs of a business email compromise scam. Have a cybersecurity policy in place and share the protocols for handling email requests. 
  • Check for any missing emails or issues with your email account. Email forwarding may have been set up without your knowledge, which would redirect emails to a different account.
  • Change your passwords frequently. Use strong alphanumeric passwords that aren't easy to guess. Also, don't use the same usernames and passwords on multiple accounts.  
  • Don’t click on anything in an unsolicited email that asks for information. Search for the company on your own and ask them if the request is legitimate. 
  • Be diligent about what you download. Don't open an email attachment from an unknown sender and be wary of business emails forwarded to you.
  • Verify any payment or purchase requests or updates by calling the person on a known number to ensure it's valid. 

Notice anything suspicious? Let us know


Explore more about business email compromise scams

Canadian Anti-Fraud Centre Opens in a new window.

Report fraud when it happens and track the latest data on fraud happening in Canada. 

The Little Black Book of Scams Opens in a new window.

Download the Canadian Competition Bureau's guide to scams in 8 different languages.

Business banking fraud (PDF, 935 KB) Opens in a new window.

Discover common types of fraud that target small- to medium-sized businesses.