First Midwest BankFirst Midwest Bank logoArrow DownIcon of an arrow pointing downwardsArrow LeftIcon of an arrow pointing to the leftArrow RightIcon of an arrow pointing to the rightArrow UpIcon of an arrow pointing upwardsBank IconIcon of a bank buildingCheck IconIcon of a bank checkCheckmark IconIcon of a checkmarkCredit-Card IconIcon of a credit-cardFunds IconIcon of hands holding a bag of moneyAlert IconIcon of an exclaimation markIdea IconIcon of a bright light bulbKey IconIcon of a keyLock IconIcon of a padlockMail IconIcon of an envelopeMobile Banking IconIcon of a mobile phone with a dollar sign in a speech bubbleMoney in Home IconIcon of a dollar sign inside of a housePhone IconIcon of a phone handsetPlanning IconIcon of a compassReload IconIcon of two arrows pointing head to tail in a circleSearch IconIcon of a magnifying glassFacebook IconIcon of the Facebook logoLinkedIn IconIcon of the LinkedIn LogoXX Symbol, typically used to close a menu
Skip to nav Skip to content
FDIC-Insured - Backed by the full faith and credit of the U.S. Government
Two coworkers looking at a laptop
Business Security Awareness

Stay on top of security by knowing what scams look like — and how to avoid them.  

See Latest Scams

Security Resources for Your Business

We have gathered these resources and information to help you protect your business. Learn about common scams on this site — and for daily scam updates, visit the KnowBe4 Security Awareness Training website.

Business Email Compromise | CEO/Executive Phishing | Ransomware 

Business Email Compromise (BEC)

More than 50 businesses per day file a loss report with the FBI, as a result of BEC. 

A BEC scam is a form of phishing or spear phishing where an attacker impersonates a company executive (often the CEO) or other associate, and attempts to get an employee, customer, or vendor to transfer funds or provide sensitive information. Their end game is to steal information and ultimately your money.

In 2021, the adjusted losses of BEC attacks to American companies was nearly $2.4B, according to the 2021 Internet Crime Report, released by the FBI.

A man reading his emails on his laptop

How Business Email Compromise Works

Get more information about Business Email Compromise (BEC) from Tim Hadley, Vice President, Old National Treasury Management Product Director.

Protect Your Business

Video for Business Email Compromise

VIDEO: How To Detect Business Email Compromise

Learn how to identify Business Email Compromise in this 4-minute video hosted by Old National Market President Sara Miller.

Watch Video


CEO/Executive Phishing

CEO/executive phishing can occur in different ways when scammers:

  • Send email to a business executive under a fake name, with the intent of tricking the executive to take some action
  • Gain access to an executive's mailbox and pretend to be the executive
  • Send emails to company employees from an executive’s domain name very similar to the target’s domain name (typically off by one or two characters).

Thieves usually take the time to learn about the organization’s management structure, and their end game is to trick controllers and other financial executives into conducting transactions, processing financial transfers, or other actions without going through proper authentication processes.

For example, a controller receives an email from someone they think is the CEO. The email requests money be transferred for what appears to be valid business reasons. The controller follows the directions in the email without confirming it is legitimate, thinking the CEO has initiated the request — when in reality they are sending money to cyber thieves.

Two older gentlemen looking at a laptop

Tips To Protect Against This Scam

This is a specific type of Business Email Compromise scam. These resources can help you avoid it:


Ransomware

Email is still the #1 delivery vehicle for malware, including ransomware.

Ransomware is a kind of malware in which the data on a victim's computer is locked, typically by encryption. Monetary gain is almost always the motive for ransomware attacks, and a ransom payment is demanded from the victim, in order to have their data decrypted and access returned. Often the ransom payment is required to be paid in virtual currency (i.e. bitcoin), so the cybercriminal's identity remains anonymous.

Ransomware attacks are different than other types of attacks, because the victim is usually notified about what has happened and given instructions on how to recover. Every employee of a company must stay vigilant to protect the organization from being a victim of ransomware.

Two coworkers researching ransomware information

Protect Against Ransomware

Stay ahead of the game by educating yourselves and your employees.

How to Detect Business Email Compromise