Graphic courtesy of Federal Bureau of Investigation

The FBI is alerting New Mexico businesses, school districts, and government agencies to be on the lookout for business email compromise scams, also known as BEC scams, which so far have cost more than $1 million in the state.

In a July 28 press release, the federal agency through its Albuquerque office said one New Mexico county recently lost approximately $500,000 in a BEC fraud, while a small private school system in the state avoided being scammed out of more than $55,000 through quick action by employees.

“Businesses, government agencies, and schools have been through a difficult year, and many are still trying to get back on their feet,” said Raul Bujanda, Special Agent in Charge at the Albuquerque FBI Division. “They need to be aware that cybercriminals won’t give them a break. The FBI and our partners urge communities to be vigilant and educate themselves about online scams like BEC.”

In a typical business email compromise scheme, the victim receives an email they believe is from a company they normally conduct business with, but this specific email requests funds be sent to a new account or otherwise alters the standard payment practices.

Some of the common red flags of BEC fraud include:

  • Unexplained urgency
  • Last-minute changes in wire instructions or recipient account information
  • Last-minute changes in established communication platforms or email account addresses
  • Communications only in email and refusal to communicate via telephone or online voice or video platforms
  • Requests for advanced payment of services when not previously required
  • Requests from employees to change direct deposit information

The FBI also recommends the following tips to help protect yourself and your assets:

  • Be skeptical of last-minute changes in wiring instructions or recipient account information.
  • Verify any changes and Information via the contact on file — do not contact the vendor through the number provided in the email.
  • Ensure the URL in emails is associated with the business it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s email address appears to match who it is coming from.

If you discover you are a BEC victim, immediately contact your financial institution to request a recall of funds and your employer to report irregularities with payroll deposits.

As soon as possible, file a complaint with the FBI’s Internet Crime Complaint Center at

Between January and June, 29 BEC incidents were reported in New Mexico with a loss of $1,025,317.

More information can be found at: