A Fort Myers accounting firm got an email from their CEO last month asking them to wire $47,000 to a new vendor. The email looked perfect. Right tone, right signature, even referenced a real project they’d been working on. They sent the money. Turns out the CEO never wrote that email.
That’s business email compromise in action, and it’s hitting Southwest Florida businesses harder than most people realize. The FBI calls BEC the most financially damaging cybercrime out there, and small companies between 10 and 500 employees are the ones getting burned the worst.
What Business Email Compromise Actually Looks Like
BEC isn’t your typical spam. There’s no Nigerian prince, no obvious typos, no sketchy links. These attacks are targeted and researched. The attacker spends days or weeks studying your company before they ever send a message.
Here’s how it usually plays out. An attacker gets access to a company email account, sometimes through a phishing link, sometimes through credential stuffing. They sit quietly and watch. They learn who handles payments, who approves invoices, how people talk to each other internally. Then they strike at exactly the right moment.
The most common BEC scenarios Fort Myers businesses run into:
- CEO fraud — someone impersonates your boss and asks for an urgent wire transfer or gift card purchase. The “urgency” is the whole trick.
- Vendor impersonation — you get an email that looks like its from a supplier you actually work with, but the bank details have changed. You pay the invoice to the wrong account.
- Payroll diversion — an employee’s email gets compromised and HR receives a request to change their direct deposit info. The next paycheck goes to a scammer’s account.
- Lawyer impersonation — attackers pose as your attorney or title company during a real estate closing or business deal, redirecting funds at the last second.
None of these involve malware. There’s nothing for your antivirus to catch. That’s what makes BEC so dangerous.
Why Fort Myers Small Businesses Are Easy Targets
Big corporations have entire security teams reviewing wire transfers and flagging suspicious email behavior. Most small businesses in Fort Myers, Cape Coral, and Bonita Springs? They’ve got maybe one person handling AP, and that person is also doing three other jobs.
BEC attackers know this. They specifically target companies where one or two people control the money. A 30 person construction company, a medical practice with a small front office, a local real estate agency. These are the sweet spots.
The average loss from a successful BEC attack is over $125,000 according to recent FBI data. For a small Fort Myers business, thats not just a bad quarter. That could be the end of the company.
And here’s the part that really stings — most banks won’t reverse wire transfers once they’re completed. The money is usually moved overseas within hours. Recovery rates are terrible.
How to Protect Your Business Starting Today
The good news is that BEC attacks are preventable if you put the right habits in place. None of this requires expensive software or a full IT overhaul.
What Fort Myers businesses can do right now:
Verify every payment change by phone. This is the single most effective thing you can do. If someone emails you new wire instructions, a changed bank account, or an unusual payment request, pick up the phone and call them directly. Use a number you already have on file, not one from the email. Every time, no exceptions.
Turn on multi factor authentication for all email accounts. MFA stops most account takeovers dead. If an attacker gets a password through phishing, they still cant get into the account without that second factor. Google Workspace and Microsoft 365 both make this easy to set up.
Train your team to spot the red flags. Urgency is the biggest one. Any email that says “handle this now” or “don’t tell anyone” or “I’m in a meeting and can’t talk” should trigger an immediate pause. Real executives don’t ask employees to keep financial transactions secret.
Set up email authentication (DMARC, SPF, DKIM). These protocols help prevent attackers from spoofing your company’s email domain. If your domain doesn’t have DMARC set up, scammers can send emails that look like they’re coming from your actual company address. Your IT provider can configure this in an afternoon.
Create a two person approval process for large payments. No single employee should be able to authorize a wire transfer or payment change above a certain threshold without a second person signing off. This one simple policy would have prevented most BEC losses.
What To Do If You’ve Already Been Hit
Speed matters here. If you realize a BEC attack happened, contact your bank immediately and request a recall of the wire transfer. The sooner you act, the better your chances, though honestly they’re still not great once the money moves.
File a complaint with the FBI’s Internet Crime Complaint Center at ic3.gov. They have a Recovery Asset Team that works with banks to freeze fraudulent transfers. Then call your local Fort Myers police department to file a report.
Document everything. Save the emails, note the timestamps, screenshot any relevant communications. You’ll need all of this for insurance claims and law enforcement.
HenkTek Can Help Lock This Down
We work with small businesses across Fort Myers, Cape Coral, Naples, and Southwest Florida to set up the kind of email security that stops BEC before it costs you money. That means configuring DMARC and SPF records, setting up MFA across your organization, running employee awareness training, and monitoring for signs of compromised accounts.
If you’re not sure whether your email setup is vulnerable, we’ll take a look for free. Give us a call at (239) 234-2334 or reach out through our contact page and we’ll run a quick security check on your email domain. Takes about 15 minutes and you’ll know exactly where you stand.