How can plan sponsors help prevent Business Email Compromise

5 tips for employers

As society increased its reliance on technology during the global pandemic, cyber criminals took advantage of this increased digital activity by going on an internet “crime spree”, according to the FBI.

  • The number of complaints to the Crime Complaint Center (IC3) increased 69% from 2019 to 2020, up to 791,790, with losses of over $4.1 billion.1
  • Business Email Compromise (BEC) scams accounted for 19,369 of these complaints and continue to cost the most – with losses of over $1.8 billion.1

What is Business Email Compromise (BEC)? 

decorative image

BEC is a scam in which the cyber-criminal compromises the email accounts of victims to send fraudulent payment instructions and/or uses email to impersonate a business executive to access employee payroll, W2 information or steal data. While criminals can target virtually any industry, the Healthcare, Education, Government and Corporate sectors are especially vulnerable to exploitations.

Here are a few actionable steps you can take as a plan sponsor to prevent your organization from being the next headline and BEC statistic:

  1. Alert, educate and train your workforce on the potential threat of BEC, including preventative strategies.
  2. Instruct employees on how to handle suspicious emails, especially emails with hyperlinks.
  3. Direct employees to channel suspicious emails to a designated department, like IT security. 
  4. Monitor employee logins and logins after hours.
  5. Restrict access to sensitive information and enable multi-factor authentication.


The FBI requests BEC victims file a complaint, regardless of dollar loss or date of the incident, with the IC3.

Learn about Voya’s commitment to customer security.


Related Items

1 FBI’s Internet Crime Report 2020