FinCEN Issues Advisory on Business Email Compromise Schemes and Names Colleges and Universities among Top Targets

min read

The Financial Crimes Enforcement Network recently issued an advisory to financial institutions about recent trends in business email compromise schemes, identifying institutions of higher education as frequent targets.

On July 16, 2019, the Financial Crimes Enforcement Network (FinCEN) issued an advisory1 to update financial institutions on current trends in business email compromise (BEC) fraud schemes. The advisory is an extension of a 2016 advisory2 that FinCEN created on the same subject. EDUCAUSE members should be aware that FinCEN identifies schools and higher education institutions as targets of BEC fraud, characterizing these entities as targets that "fall outside of the definition of traditional business customers."

FinCEN is a bureau of the US Department of the Treasury that tracks illegal monetary movement for financial security and national security purposes. In this advisory, FinCEN defines BEC fraud as schemes that target accounts of financial institutions or customers of financial institutions that are operational entities, including commercial, non-profit, non-governmental, and government entities. Perpetrators aim to compromise victims' email accounts for some sort of financial gain. FinCEN data indicates that BEC schemes have continued to grow since the 2016 advisory was released; the total number of reports per month has more than doubled from under 500 to over 1,100.

In the July 16 advisory, FinCEN reports that targets of BEC fraud are "particularly and increasingly those with high net worth, and entities that routinely use email to make or arrange payments between partners, customers, or suppliers." Due to high-value transactions flowing through schools and higher education institutions—including tuition payments, endowments, grants, and costs associated with renovation and construction—academic institutions are ripe targets for BEC criminals. In fact, FinCEN notes that the education sector has "the largest concentration of high-value BEC attempts in financial sector reporting, even though only approximately 2% of BEC incidents affected educational institutions in 2017."

Among the trends FinCEN identified in the advisory is an increase in the use of fraudulent vendor invoices when targeting certain industries, like the education sector, that engage in recurrent transactions to pay for goods and services. FinCEN noted that "schemes against institutions frequently involve vendor impersonation" and that criminals "will use compromised or spoofed email accounts to exploit existing business relationships between academic institutions and contracted service providers" to capture funds and direct them to bank accounts under their control. According to FinCEN, large-scale construction and renovation projects at institutions are particularly attractive to BEC actors.

EDUCAUSE will continue to keep members apprised of any related developments or federally issued alerts on BEC fraud or other instances of cyber malfeasance.

For more information about policy issues impacting higher education IT, please visit the EDUCAUSE Review Policy Spotlight blog as well as the EDUCAUSE Policy page.


  1. Financial Crimes Enforcement Network (FinCEN) Advisory FIN-2019-A005, "Updated Advisory on Email Compromise Fraud Schemes Targeting Vulnerable Business Processes," July 16, 2019.
  2. FinCEN Advisory FIN-2006-A003, "Advisory to Financial Institutions on E-Mail Compromise Fraud Schemes," September 6, 2016.

Kathryn Branson is an Associate with Ulman Public Policy.

© 2019 Kathryn Branson. The text of this work is licensed under a Creative Commons BY-NC-ND 4.0 International License.