How do I recover after a business email compromise (BEC) scam?
Call your bank's wire department immediately to initiate a recall, then report to the FBI's IC3 within the same business day for the best chance of asset recovery.
Last reviewed: 10 June 2026
Explanation
Business Email Compromise (BEC) is a category of fraud where a criminal compromises a legitimate business email account — typically through phishing or credential theft — and uses it to redirect invoice payments or payroll to a fraudulent bank account. BEC is consistently ranked among the highest-loss fraud categories by the FBI.
Time is the critical variable. The FBI operates the Financial Fraud Kill Chain in partnership with major U.S. banks and overseas financial intelligence units. If you report a BEC-related wire transfer to the FBI's IC3 within the same business day, and the funds have not yet been withdrawn from the receiving account, there is a meaningful chance the FBI can freeze the funds and recover some or all of the money. The longer you wait, the lower the probability.
Call your bank's fraud or wire operations team simultaneously. Provide the exact amount, the receiving bank name and routing number, and the account number if you have it. The sending bank and receiving bank can both take action to freeze and return funds — but only within the settlement window.
After the immediate crisis, conduct an email security investigation. Identify how the email account was compromised — typically through a phishing link or a reused password. Reset all compromised account credentials, review your email security settings, enable multi-factor authentication, and brief other employees on BEC tactics to prevent a repeat.
Common red flags
- Invoice payment instructions arrive with updated bank details at the last minute
- Email from CEO or senior manager requesting urgent wire transfer, bypassing normal process
- Vendor 'confirms' a change in their payment details by email only
- Slight variation in the sender's email domain (e.g., company.com vs. company-co.com)
- Request to keep the transfer confidential from other team members
- Urgency framed around closing a deal before end of day
What to do now
- Call your bank's wire operations team immediately to request a recall
- File with the FBI's IC3 at ic3.gov immediately — same business day if possible
- Call the receiving bank if you have the account details
- Notify your IT security team to investigate the email compromise
- Report to the FTC at ReportFraud.ftc.gov
- Preserve all email headers and communications as forensic evidence
Frequently asked questions
Who is liable for a BEC loss — the business or the bank?
Liability depends on whether the business followed the bank's security procedures. If the business authorized the wire themselves (even under false pretenses), the bank may not be liable. However, banks have successfully been held liable when they approved transfers that deviated from established patterns without verification. Consult a commercial attorney.
What is the FBI's Financial Fraud Kill Chain?
The Financial Fraud Kill Chain is an FBI program that enables rapid coordination between the FBI, sending banks, and receiving financial institutions to freeze fraudulent wire transfers. It works only for funds not yet fully disbursed. Reports via ic3.gov with full wire details trigger this process.