How do I report a business email compromise (BEC) scam?
Report to the FBI IC3 at ic3.gov immediately and contact your bank to request an emergency wire recall. BEC fraud is time-sensitive — every hour counts.
Last reviewed: 10 June 2026
Explanation
Business email compromise (BEC) occurs when scammers impersonate a company executive, supplier, or partner to redirect payments, often large wire transfers, to accounts they control. It is one of the highest-value fraud types globally, causing billions in losses each year. Immediate action is critical.
Call the FBI's IC3 at ic3.gov or contact your local FBI field office directly. The FBI has a dedicated BEC working group and can issue emergency requests to recipient banks in some cases to freeze fraudulent transfers before the money is moved offshore. Time is absolutely critical: file within hours if possible.
Simultaneously, contact your bank's fraud team and request an emergency wire recall. If the recipient bank is in the US, the FBI and your bank's correspondent banking contacts can sometimes freeze the funds within a business day. If the funds have already been moved to an overseas account, recovery becomes much harder.
Also report to FinCEN (the Financial Crimes Enforcement Network) if you believe the fraud involved money laundering. Notify your email provider about the compromised or spoofed account. Conduct an internal forensic review to determine how the attacker gained access — whether by compromising an actual email account, by registering a lookalike domain, or by simple impersonation.
Common red flags
- A payment request arrived by email that differed from the usual process
- An 'executive' or supplier emailed a new bank account for future payments
- The request emphasised confidentiality and asked you to bypass normal approval
- The email came from a domain with a subtle spelling difference
- A supplier updated payment details just before a large invoice was due
- The request cited a merger, acquisition, or legal matter to justify urgency
What to do now
- File an emergency report at IC3.gov immediately
- Call your bank's fraud line to request a wire recall
- Contact the FBI field office directly for high-value losses
- Notify the real sender whose identity was used
- Preserve all email headers and communications as evidence
- See /scams/business-scams for BEC prevention steps
Frequently asked questions
Can a wire transfer be recalled in BEC fraud?
Yes, but only within a very narrow window — often hours, rarely more than two business days. The FBI's Financial Fraud Kill Chain has an emergency rapid-response process specifically for BEC fraud. Contact IC3 and your bank simultaneously without delay.
Who is liable in a BEC scam — the employee, the company, or the bank?
Liability is complex and varies by jurisdiction. In many cases the sending company bears the loss unless the bank was negligent. Cyber insurance may cover BEC losses. Consult legal and insurance advisers as part of the incident response.