Staying Safe Online: Steps to Recognize and Avoid Email Scams

June 06, 2025

Time to Read: 10 minutes

With great power comes great responsibility. Technology has empowered us in so many ways, ranging from real-time online banking to collaborating on business centric tasks. But it is no secret that the convenience and productivity boost that technology provides comes with the potential for malice resulting from the criminal intent of bad actors.

That’s why it’s up to us and the organizations we interact with to not only practice vigilance but to proactively implement best practices, ensuring we’re utilizing all the safeguards at our disposal.

What is Business Email Compromise (BEC)?

BEC is a type of cyberattack where threat actors impersonate trusted parties of a business (e.g., executives, assistants, attorney, bankers, staff, etc.) to redirect funds or extract sensitive information. These attacks are sophisticated, discrete and highly personalized. Threat actors typically use impersonation to target victims with convincing and fraudulent tactics.

Most times, they aim to:

Gain access to a trusted email account (often via phishing or password reuse)
Monitor email threads, study communication patterns, identify financial workflows and map out decision-makers
Insert a well-timed, well-worded and time-sensitive payment or data request
Make their fraudulent request resemble ongoing work, appearing familiar with routine processes and stakeholders

What can you do protect against BEC?

Often times, there are no obvious red flags and victims may not even be aware that a successful cyberattack was carried out. However, BEC attacks are not inevitable.

What You Can Do:

Be Wary Of:	Consider Safeguard Behaviors:
Unusual urgency or secrecy	Don't trust emails that create a sense of urgency, threaten or pressure you to act quickly. Phishing emails often use this tactic to make you act without thinking.
Last-minute changes to payment details	Pause and reflect for high-dollar decisions (e.g., revalidate information). Contact a member of your relationship team if you are unsure.
Email communication only; refusal to verify	Remember, if in doubt, contact a member of your relationship team. A second factor of authentication is always welcome to verify the identity for financial transactions.
Misspellings of domain, sender variation or unusual sender	Always check the sender's email address and domain name or phone number. If they don't match the name, number or organization of the sender, or if they contain spelling errors or unusual characters, be suspicious.
Bypass requests for normal procedures or controls	BNY has standards and procedures to keep you and your account safe. Treat any messages directing staff to ignore standard payment protocols or skip approvals as suspicious.
Indicators of Account Compromise	Monitor your accounts for unusual activity. Set up notifications and leverage multiple factors to verify identity to online accounts.

Additional Security Guidelines to Protect Against BEC

Multi-factor authentication (MFA) on all professional email accounts wherever able. MFA adds an additional layer of security, reducing the risk of unauthorized account access.
Don’t auto-forward emails or give others access to your email unless it is approved and documented.
Leverage callback procedures to verify financial transactions. Independent confirmation through a callback can prevent unauthorized fund transfers.
Be aware of the latest cybersecurity trends. Knowledge of the latest threats and protective measures can help you avoid potential scams.
Avoid sharing account logins between individuals, assistants, or family members.
Routine monitoring of financial transactions. Regular reviews can detect anomalies and prevent fraudulent activities.

Asset Recovery: Immediate Considerations

If you have been hit by a BEC attack and funds have been transferred, time is critical. Consider the following to increase your chances of asset recovery.

Documentation & Consultation
Gather all documentation regarding the transaction and emails/invoices received. Consider consulting a civil lawyer in the country where the money was deposited into the beneficiary bank account. This might be of help when working with the bank to try and recover the money and/or launching a civil complaint regarding the account holder.

Financial Institution Notification

Contact your relationship team for guidance and assistance.

Video | Investments

Monthly Spotlight: Seasonal Weakness Right on Cue?

During this seasonally challenging period for equities, we point out that earnings and profit margins drive long-term returns. Second quarter earnings season has been strong, which may lead the market higher by year end.

Article | Investments

Top of Mind in Technology

Several themes are currently shaping the investment landscape in the technology sector. While there is an abundance of short-term noise from tariffs, capital expenditure volatility and AI hype cycles, we are focused on structural trends that are likely to define sustainable long-term returns. Below, we outline five key discussion points that are top of mind for investors.

Video | Investments

Monthly Spotlight: Resilient in Regime Change

After underperforming international markets since the beginning of the year, U.S. equities have staged a comeback. What’s driving this rebound and will it continue?

Article | Investments

The Benefits of Investing for the Long Term

During volatile times, it can be difficult to focus on the long term. But it’s important to remember that markets don’t move in a straight line and corrections are normal.

¹ Source: Alternative Investments 2024: Eight Themes Steadying the Path of the 60/40 Portfolio p. 14

Past performance is no guarantee of future results. This material is provided for illustrative/educational purposes only. This material is not intended to constitute legal, tax, investment or financial advice. Effort has been made to ensure that the material presented herein is accurate at the time of publication. However, this material is not intended to be a full and exhaustive explanation of the law in any area or of all of the tax, investment or financial options available. The information discussed herein may not be applicable to or appropriate for every investor and should be used only after consultation with professionals who have reviewed your specific situation.

The Bank of New York Mellon, DIFC Branch (the “Authorized Firm”) is communicating these materials on behalf of The Bank of New York Mellon. The Bank of New York Mellon is a wholly owned subsidiary of The Bank of New York Mellon Corporation. This material is intended for Professional Clients only and no other person should act upon it. The Authorized Firm is regulated by the Dubai Financial Services Authority and is located at Dubai International Financial Centre, The Exchange Building 5 North, Level 6, Room 601, P.O. Box 506723, Dubai, UAE.

The Bank of New York Mellon is supervised and regulated by the New York State Department of Financial Services and the Federal Reserve and authorized by the Prudential Regulation Authority. The Bank of New York Mellon London Branch is subject to regulation by the Financial Conduct Authority and limited regulation by the Prudential Regulation Authority. Details about the extent of our regulation by the Prudential Regulation Authority are available from us on request. The Bank of New York Mellon is incorporated with limited liability in the State of New York, USA. Head Office: 240 Greenwich Street, New York, NY, 10286, USA.

In the U.K. a number of the services associated with BNY Wealth’s Family Office Services– International are provided through The Bank of New York Mellon, London Branch, One Canada Square, London, E14 5AL. The London Branch is registered in England and Wales with FC No. 005522 and BR000818.

Investment management services are administered by BNY Mellon Investment Management EMEA Limited, BNY Mellon Centre, 160 Queen Victoria Street, London EC4V 4LA. Registered in England No. 1118580. Authorised and regulated by the Financial Conduct Authority. Offshore trust and administration services are through BNY Trust Company (Cayman) Ltd.

This document is issued in the U.K. by The Bank of New York Mellon. In the United States the information provided within this document is for use by professional investors.

This material is a financial promotion in the UK and EMEA. This material, and the statements contained herein, are not an offer or solicitation to buy or sell any products (including financial products) or services or to participate in any particular strategy mentioned and should not be construed as such.

BNY Mellon Fund Services (Ireland) Limited is regulated by the Central Bank of Ireland BNY Mellon Investment Servicing (International) Limited is regulated by the Central Bank of Ireland.

Trademarks and logos belong to their respective owners.

BNY Wealth conducts business through various operating subsidiaries of The Bank of New York Mellon Corporation. BNY is the corporate name of The Bank of New York Mellon Corporation and may be used to reference the corporation as a whole and/or its various subsidiaries generally.

WPB-637230-2024-11-06

Let's start a conversation.

Contact Us