Business e-mail compromise (BEC)

Recognize, Reject and Report it!

According to recent cybercrime statistics, BEC has stolen more than $5 billion dollars from unsuspecting victims worldwide, including Canadian businesses. BEC is the second highest for monetary loss out of over 40 fraud types reported to the Canadian Anti-Fraud Centre (CAFC). It’s real, it’s growing, but with increased awareness, it can be prevented.

Recognize it!

What is BEC?

BEC, also known as CEO fraud, wire fraud, or business executive scam, is a sophisticated scheme that tricks a business into paying a sum of money to a fraudster. The BEC scheme is executed through the use of social engineeringFootnote 1 or computer intrusion techniques. Several types of BEC schemes have been observed in Canada:

Reject it!

How can I protect my business?

Other measures:

Report it!

How should my business respond?

1. If the e-mail is identified as fraudulent AFTER funds have been transferred:

A) Immediately report the incident to your financial institution. Share the following information:

B) Report the incident to local police. Identify the incident as “BEC” or wire fraud. The criminal code offences would be S. 380 (Fraud) of the Criminal Code of Canada (CCC) and/or S. 403 (Identity Fraud), CCC. This is NOT a civil matter. This also applies to cases of attempted BEC.

If a computer intrusion technique was attempted or used, there are additional criminal offences that have been committed such as S. 342.1, CCC (Unauthorized use of a computer) or S.430 (1.1), CCC (Mischief in relation to computer data). Be ready to share all details of the incident.

C) Consider developing a plan to respond to media inquiries about any potential loss.

D) Report the incident to the Canadian Anti-Fraud Centre (CAFC) online 24/7, select “Report an Incident”, and the link to the “Fraud Reporting System (FRS)”, or alternatively call CAFC at 1-888495-8501, between 9:00 am and 4:45 pm EST Monday to Friday and;

E) Report the incident to the Canadian Cyber Incident Response Centre (CCIRC) via e-mail at: ps.cyberincident-cyberincident.sp@canada.ca, or visit the Canadian Cyber Incident Response Centre (CCIRC) for more information. CCIRC will assist in mitigation and prevention, especially in cases where a technical compromise may have occurred. Advise CCIRC whether the police have been contacted.

2. If the e-mail is identified as fraudulent BEFORE any funds are transferred:

3. If applicable to your business:

We strongly suggest that YOU REPORT THE INCIDENT for the following reasons:

Additional information can be found at:

Get Cyber Safe

Competition Bureau

FBI Internet Crime Complaint Centre (IC3)

Global Cyber Alliance

Date modified: