Sign in

Protect yourself: Cybercriminals utilizing Business Email Compromise (BEC) schemes to impersonate vendors and company executives

It is increasingly common for cybercriminals to use a tactic called Business Email Compromise (BEC) to commit fraud. Under this scheme, cybercriminals hack into email systems in order to:

  • Impersonate a company executive to issue payment instructions via email to direct funds to an illegitimate bank account.
  • Impersonate an existing vendor via email to provide illegitimate bank account information for future payments.


Given the growing threat of BEC, it is critical to verify updates to new or existing vendor bank account information received via email by contacting the vendor or company executive directly via a known phone number or in person rather than email. As appropriate, also verify the given payment instructions to a new vendor are indeed valid.
If you become suspicious before or after sending a payment, contact us immediately.


Bill.com provides several features to help guard against BEC. Here are some best practices to consider to help protect yourself:

  • Establish a standard bill approval process within Bill.com whereby at least two users must review and approve each bill before scheduling a payment.
  • Submit bill images to the Bill.com Inbox so they can be reviewed by approvers and payers for accuracy and authenticity.

The following are additional suggestions for protecting you and your business from BEC:

  • Provide basic training and advanced education for employees to recognize BEC and phishing schemes.
  • Make sure temporary staff covering for your payments employees understand that criminals may pose as employees or vendors to try and manipulate them.
  • Verify bank account information by obtaining a voided check from the vendor.
  • Be suspicious of request for secrecy or pressure to take action quickly.
  • Avoid free web-based email services accounts.
  • Establish a company domain name and use it to establish company email accounts.
  • Be careful what you post to social media and company websites, especially job duties and descriptions, staff hierarchy information and out-of-office details.
  • Immediately report and delete unsolicited email from unknown parties.
  • Do not open emails from strangers, click links or download files that could be loaded with malware.
  • Do not use the “reply” option to respond to any business emails. Instead use the “forward” option and either type in correct email addresses or select it from the email address book to ensure the intended recipient’s correct email address is used.
  • Create intrusion detection system rules that flag emails with extensions that are similar to company email.
  • Register all company domains that are slightly different than the actual company domain.
  • Never log in to sensitive accounts while on public Wi-Fi without using VPN, or another secure connection protocol.

The information provided here is intended to help our customers protect themselves against cyberfraud. It does not provide a comprehensive list of all types of cyberfraud activities or identify all types of cybersecurity best practices.

Remember, the risk of losses increases if you don’t use appropriate fraud-prevention best practices and processes. As we explain in the terms of service governing your use of our service, you are liable for all losses incurred for payments originating using any authorized users’ security credentials or the credentials of others who have designated transaction authority.

If you believe you have been compromised, please contact Bill.com Support.

If you want to learn more about BEC, here are several articles for more information: