Business Email Compromise

At Gusto, we're always working to keep your company safe from any type of security threat. One kind of security threat, known as a business email compromise, has become an increasingly popular type of fraud in the payments industry.

What is a business email compromise scheme? 

A business email compromise (BEC) is a fraud scheme in which a fraudster gains access to a business or personal email account and impersonates the owner of the email account in order to steal money from the company or related individuals.

How could this affect your Gusto account?

We make sure that your Gusto account is as secure as possible, but there are ways that fraudsters can target your company outside of your Gusto account. Below are different ways you could see a business email compromise affect your company:

  • An employee’s email can be compromised through phishing emails.

    • The fraudster then impersonates the employee and requests that the admin of the account change the employee’s bank account to a fraudulent one. The admin does not realize it is a fraudster making the request, and the employee’s paycheck is sent to a fraudulent account.

  • An employee’s email address is spoofed by a fraudster.

    • This is when the fraudster creates an email address very similar to the employee’s email address, but with one or two characters changed.

    • The fraudster then emails an account admin requesting a bank account change to a fraudulent account. The admin does not realize this is a different email than the employee’s real email address and they make the change. The paycheck meant for the employee then gets sent to a fraudulent bank account. 

  • An employee’s email account is either taken over or spoofed by a fraudster.

    • The fraudster then sends emails to admins requesting personal information. The admin does not realize they are emailing a fraudster and they provide sensitive information via email.

  • An admin’s account is taken over by a fraudster through phishing or social engineering.

    • The fraudster requests that a wire transfer be made from the company account to a fraudulent bank account. The person complying with the request believes they are emailing with the admin, but they do not realize they are complying with a fraudulent request.

How can you prevent BEC from affecting your business? 

There are several steps you can take in order to protect yourself and other employees from a business email compromise. Below are security measures that anyone can take in order to protect themselves from a BEC:

  • Never update employee information when it is requested via email.

    • If employees want to update their banking information, they can log into their Gusto account and do it on their own.

  • If you feel that an email from an employee looks suspicious, talk with them over the phone or in person to confirm that they sent this email.

    • You can also hover over the email address and see if it is coming from the employee’s real email address or a similar, yet fraudulent address.

  • Change your email password often.

    • This can prevent someone from getting into your email with a password that you often use. 

  • Enable two-factor authentication on both your email account and your Gusto account.

    • This can prevent someone from accessing your information when they have your password.

  • Do not open any emails that look suspicious or come from someone you do not recognize.

    • Oftentimes, fraudsters will send phishing emails in order to gain access to your account.

  • If you receive a suspicious-looking email containing Gusto-related information, you can reach out to our assurance team at [email protected].

What should you do if you suspect that you are being targeted in a BEC scam?

If anyone in your company believes that they are being targeted in a BEC scam, there are multiple steps you can take to ensure that your information is safe.

  • Mark any suspicious emails as spam in your inbox.

  • Change your password for your email account as well as your Gusto account immediately.

  • Enable two-factor authentication on both your email and Gusto account.

  • Make sure the admins of your Gusto account are aware of the situation.

Reach out to [email protected] for further assistance. 

