Why Merrill
Our goal is to help you reach yours

Together, we’ll create a strategy that revolves around you.

See how
Our services
Helping to make your goals a reality

Access to a wide range of solutions designed to meet a variety of needs.

Take a look
Resources & insights
Designed to take you further

Explore our insights and experiences to help you plan and stay on track for what's ahead.

Dive in
Find an advisor
Merrill Advisor Match

Answer some questions and we'll suggest a couple of advisors best suited to your needs.

Give it a try

Be cyber-secure: Beware of these business email scams

Steps you can take to defend against phishing, smishing and other forms of cyber threats

CYBER CRIMINALS SEND OUT a staggering number of phishing emails to businesses every year. They’re trying to trick employees into revealing proprietary and confidential data or taking an action that will benefit the criminals — and harm your business. They often use a tactic called spoofing — impersonating a legitimate business or person — in an attempt to fool employees into clicking a link, opening an attachment, changing account information or conducting a financial transaction. When these phishing attempts use SMS or messaging apps, they are often called “smishing.”

Switch to Accessibility Friendly View

Text reads: What is business email compromise? Here’s how cyber criminals can defraud your business and gain access to corporate and customer records. Illustration of a man wearing a suit, glasses and a hood sitting at a computer, and emails flying out of it.

Text reads: A cyber criminal sends a fraudulent email that appears to come from a senior executive, a familiar vendor or other trusted source. Illustration of a man wearing a suit, glasses and a hood sitting at a computer with an arrow pointing out of it, signifying a sent email.

Text reads: The email requests that the receiver take immediate action…. Illustration of an email with a red exclamation point, and an arrow pointing from it to two computers, one with a male and one with a female icon.

Text reads: The recipient falls for the scam…. Illustration of an email pointing to a computer that has turned red, signifying a user that has opened a fraudulent email.

Text reads: and processes the payment or transfers money to a fraudulent account. Illustration of a red computer that has opened a fraudulent email, pointing to a bank with money on the outside of it.

Text reads: The money goes to the cyber criminal. Illustration of a man wearing a suit, glasses and a hood sitting at a computer, with money.

Text reads: The email may also contain malware, which if opened, allows the cyber criminal to steal vital company information, including customer records, for use in a future BEC attempt. Illustration of a man wearing a suit, glasses and a hood sitting at a computer, with files labeled confidential.

Clicking those links or opening those attachments can automatically install malware, which, depending on the type, could give the criminals access to your computer or device, install ransomware (in which malware infiltrates your system and cyber criminals hold your business hostage until a fee is paid), and even allow them to burrow further into your company's servers or the cloud. Let them in and they could steal your company’s confidential information and destroy the reputation you’ve worked hard to build with customers.

While the impact of such a business email compromise (BEC) can seem overwhelming, there are things you can consider doing to help protect your business, your customers and your employees from email scams. Consider these best practices:

Avoid clicking on links or attachments from untrusted sources.
Educate employees to identify and report emails, messaging and phone calls that may be fraudulent.
Use confirmed contact information from within the company’s internal contact management system when verifying requests to change information or transfer funds.
Require multiple-person approvals for account and financial change requests.
Encourage employees to ask questions and challenge suspicious activity before acting on requests.

For tips on what to do if you think your business has experienced a cyber event, download “Cyber-security checklist: Consider taking these steps if your business has been targeted,” and share it with your employees.

All our advisors are committed to putting your needs and priorities first. Find some who match your personal preferences too.

Try Advisor Match

Answer a few questions

Want us to contact you?

Submit a request

Phone

Email

View your advisor

Switch to Accessibility Friendly View

Explore what it’s like to work with a Merrill Financial Advisor

Start here

Be cyber-secure: Do's and don'ts for your family

Be cyber-secure: Hone your password-writing skills with this quiz

How the next cyber incident may impact you

Information for:

Corporations & Institutions Job Seekers Media & Journalists Shareholders

Discover Merrill:

About Us Why Merrill Our services Articles Merrill Social Media Form CRS & Other Resources

Get in touch:

Connect with ML^®:

Investing involves risk. There is always the potential of losing money when you invest in securities.

Past performance does not guarantee future results.

Asset allocation, rebalancing and diversification do not guarantee against risk in broadly declining markets.

Merrill, its affiliates, and financial advisors do not provide legal, tax, or accounting advice. You should consult your legal and/or tax advisors before making any financial decisions.

This material is not intended as a recommendation, offer or solicitation for the purchase or sale of any security or investment strategy. Merrill offers a broad range of brokerage, investment advisory (including financial planning) and other services. Additional information is available in our Client Relationship Summary. This material does not take into account a client’s particular investment objectives, financial situations, or needs and is not intended as a recommendation, offer, or solicitation for the purchase or sale of any security or investment strategy. Merrill offers a broad range of brokerage, investment advisory (including financial planning) and other services. There are important differences between brokerage and investment advisory services, including the type of advice and assistance provided, the fees charged, and the rights and obligations of the parties. It is important to understand the differences, particularly when determining which service or services to select. [For more information about these services and their differences, speak with your Merrill Advisor.

Merrill Lynch, Pierce, Fenner & Smith Incorporated (also referred to as “MLPF&S” or “Merrill”) makes available certain investment products sponsored, managed, distributed or provided by companies that are affiliates of Bank of America Corporation (“BofA Corp.”). MLPF&S is a registered broker-dealer, registered investment adviser, Member SIPC and a wholly owned subsidiary of BofA Corp.

Insurance and annuity products are offered through Merrill Lynch Life Agency Inc., a licensed insurance agency and wholly owned subsidiary of Bank of America Corporation.

Trust, fiduciary and investment management services, including assets managed by the Specialty Asset Management team,] are provided by Bank of America, N.A., Member FDIC and wholly owned subsidiary of Bank of America Corporation (“BofA Corp.”), and its agents.

Banking products are provided by Bank of America, N.A. and affiliated banks, Members FDIC and wholly owned subsidiaries of Bank of America Corporation.

Investment, insurance and annuity products:

Are Not FDIC Insured	Are Not Bank Guaranteed	May Lose Value
Are Not Deposits	Are Not Insured by Any Federal Government Agency	Are Not a Condition to Any Banking Service or Activity

Our goal is to help you reach yours

Helping to make your goals a reality

Designed to take you further

Merrill Advisor Match

Be cyber-secure: Beware of these business email scams