What is the best way to verify a suspicious business request?

Always use a 'Secondary Channel.' If you get an email, call the person on their known phone number or message them on an internal platform like Teams or Slack to confirm.

How do scammers get my CEO's name and email?

Most of this data is public on LinkedIn, company 'About Us' pages, and press releases. Scammers use this information to build highly credible 'spear-phishing' profiles.

What should I do if I sent money to a fraudulent account?

Immediately contact your bank's fraud department to freeze the transfer. Report the incident to the FBI's IC3 (in the US) or your local cybercrime authority.

Corporate Security

Verify business requests before you pay.

Business Email Compromise (BEC) is a multi-billion dollar scam industry. Attackers impersonate high-level executives, vendors, or legal partners to trick employees into making fraudulent wire transfers or revealing sensitive corporate data.

Security Insight

BEC attacks often involve no malicious links or malware. Instead, they rely purely on social engineering and 'Lookalike Domains' to convince victims that they are communicating with a trusted colleague or partner.

Identifies 'CEO Fraud' patterns

Spots 'Invoice Manipulation' scams

Protects corporate bank accounts

Analyze a Business Email BEC Safety Guide

How to spot a Business Email Scam

Corporate scams are often highly targeted and sophisticated. Watch out for these specific 'Executive' and 'Vendor' red flags before authorizing any request.

The 'CEO Fraud' request

An urgent, confidential email from a high-ranking executive asking for a wire transfer, gift card purchase, or sensitive payroll data (W-2s).

Invoice 'Change of Bank' details

A message from a known vendor claiming their banking details have changed and instructing you to send all future payments to a new account.

Lookalike Company Domains

The sender's email looks correct at first glance, but uses a subtle misspelling like 'partner-compnay.com' instead of 'partner-company.com'.

Unusual 'Off-Platform' requests

A request to move a conversation from professional channels (Slack, Teams, Work Email) to personal email or encrypted messaging apps.

What IsThisSpam checks before you trust a sender

Quick verdicts are useful, but the real value is understanding why something looks safe, uncertain, or risky.

High-Pressure urgency

Phrases like 'Quick request', 'Are you at your desk?', or 'Needs to be done by EOD' are used to bypass standard verification protocols.

Inconsistent Reply-To addresses

The 'From' address looks official, but when you click 'Reply,' the destination address changes to a completely different personal domain.

Mismatched tone of voice

The email uses language, greetings, or formatting that doesn't sound like the person they are impersonating (e.g., a formal CEO suddenly using slang).

Requests for Confidentiality

Explicit instructions to keep the request secret or 'under the radar' to prevent you from discussing it with your manager or the IT department.

Related guides

Use the checker for the fast answer, then read the deeper guidance for recurring scam patterns.

Zoho Mail Scam Checker

Verify admin alerts and business email safety.

Read the guide

Email Header Analyzer

Learn how to spot forged sender paths in corporate emails.

Read the guide

FAQ

These are the questions people usually ask right before they click, reply, or pay.

Got a screenshot or attachment? Our AI can analyse it.

Free scan first, deeper analysis when you need it

Check the sender before you trust the message.

Start with a fast scan, then move to SuperScan when the message involves money, account access, or sensitive documents.

Analyze a Business Email BEC Safety Guide