How can plan sponsors help prevent business email compromise


Business email compromise (BEC) is a scam in which a cyber-criminal compromises victims' email accounts to send fraudulent payment instructions, and/or uses email to impersonate a business executive in order to access employee payroll or W-2 information or to steal data. While criminals can target virtually any industry, the healthcare, education, government and corporate sectors are especially vulnerable to exploitation.

  • Global losses connected with BEC scams increased by 136% between December 2016 and May 2018, according to the FBI Internet Crime Complaint Center (IC3).¹

  • Since 2016, FinCEN has received 32,000 cases of BEC involving almost $9 billion in attempted theft from U.S. institutions.²


We have highlighted a few actionable steps you can take as a plan sponsor to keep your organization from becoming the next headline and BEC statistic:

  1. Alert, educate and train your workforce on the potential threat of BEC, including preventative strategies.
  2. Instruct employees on how to handle suspicious emails, especially emails with hyperlinks.
  3. Direct employees to channel suspicious emails to a designated department, like IT security.
  4. Monitor employee logins, including logins after hours.
  5. Restrict access to sensitive information and enable multi-factor authentication.




The FBI requests that BEC victims file a complaint with the IC3, regardless of dollar loss or date of the incident.


Visit to learn about Voya’s commitment to customer security.






1 FBI IC3 Public Service Announcement, Alert Number I-071218-PSA, “Business E-Mail Compromise The 12 Billion Dollar Scam,” July 12, 2018.

2 U.S. Treasury Financial Crimes Enforcement Network (FinCEN) Advisory FIN-2019-A005, “Updated Advisory on Email Compromise Fraud Schemes Targeting Vulnerable Business Processes,” July 16, 2019.