AI-Powered Tool · Franklin County PA

Is This Email Legit?

Business Email Compromise (BEC) is the #1 cybercrime dollar loss in the U.S. — $2.9 billion in 2024 alone. Paste a suspicious email and get an instant plain-English analysis of what it is and exactly what to do.

$2.9B
BEC losses in 2024
FBI IC3 Report
#1
Loss category
for businesses
FREE
AI analysis powered
by Google Gemini
Sources: ↗ FBI IC3 2024 ↗ CISA BEC Guidance ↗ SANS Institute ↗ PA Attorney General
Step 1 — Paste Your Email
Analyze a Suspicious Email

Paste the full email text below. The more detail you include — subject, sender address, email body — the more accurate the analysis. No email is stored or logged.

0 characters
Clear form
Privacy: No email content is stored or logged. Analysis is processed in real time and discarded. This tool does not replace legal or law enforcement reporting — see PA resources below.
🔍
Paste a suspicious email on the left and click Analyze to get an instant plain-English breakdown.
📧Vendor asking you to update their bank account?
💸Boss emailed asking for an urgent wire transfer?
🎁Request to buy gift cards for a client or project?
💼HR email asking you to update your direct deposit?
🏠New wire instructions for a real estate closing?
Analyzing for BEC indicators…
Powered by Google Gemini via Swamp Fox Proxy
Identified As
⚠ Red Flags Found
✓ What To Do Right Now
🔎 How To Verify The Sender
Report to FBI IC3 ↗ Book Free Assessment →
⚠️
Analysis unavailable right now. If this email is urgent, contact Andrew directly or report immediately to FBI IC3.gov.
Know the Scams
The 5 Most Common BEC Types

Business Email Compromise is not about hacking — it's about deception. Attackers impersonate people you trust. These are the five types Franklin County small businesses encounter most.

🧾 $1.17B in 2024 · FBI IC3
Invoice & Vendor Fraud
A supplier, vendor, or contractor emails claiming they've changed their banking information. Future payments are redirected to the attacker's account. Often the email looks identical to legitimate vendor emails.
Example: "Please update your records — our bank account has changed effective immediately."
👔 $686M in 2024 · FBI IC3
CEO / Executive Fraud
An email appearing to come from your boss, owner, or a senior executive instructs an employee to wire money, share credentials, or take urgent action — often marked confidential or time-sensitive.
Example: "I'm in a meeting — please process this wire to close the deal today. Very urgent."
💳 Avg. $10,000+ per incident
Payroll Redirect
An attacker impersonates an employee and emails HR or payroll asking to change their direct deposit banking information before a pay date. Losses are rarely recovered — funds transfer immediately.
Example: "I recently changed banks — can you update my direct deposit info before Friday?"
🎁 Consistently top 5 · FBI IC3
Gift Card Scam
An employee receives an email from someone claiming to be the owner or a manager, asking them to urgently purchase gift cards (Google Play, Apple, Amazon) and send back the codes. Common target: anyone with purchasing authority.
Example: "Can you grab $500 in Google Play cards for a client gift? I'll reimburse you."
🏠 $446M in 2024 · FBI IC3
Real Estate Wire Fraud
Extremely prevalent in Pennsylvania. Attackers monitor real estate transactions and email buyers, sellers, or attorneys with fake wire transfer instructions at closing. Lost funds are almost never recovered once wired.
Example: "Wire instructions have changed — please send closing funds to the following account."
🛡️ PREVENTION
How to Protect Your Business
The FBI, CISA, and SANS all agree on core defenses: verify any payment change by phone using a number you already have; enable MFA on email; use wire verification callbacks. Andrew can help you build a BEC response policy at no cost.
Sources: CISA BEC Guidance · FBI IC3 2024 · SANS Institute

Pennsylvania Reporting Resources

If your business has been victimized by a BEC scam, you must act fast — wire transfers can sometimes be recalled within 24–72 hours. Report immediately to the FBI and your bank simultaneously.

Pennsylvania's breach notification law (73 P.S. § 2301) requires businesses to notify affected individuals and the PA Attorney General within 60 days of discovering a breach involving personal information. BEC attacks that expose employee or customer data trigger this requirement. Read the full PA breach law ↗
🚨
FBI Internet Crime Complaint Center
ic3.gov
Report BEC, wire fraud, and all cybercrime. File within 24 hours for best chance of fund recovery.
 ⚖️
PA Attorney General — Consumer Protection
attorneygeneral.gov
File a complaint, understand your PA breach notification obligations, and access victim resources.
 🛡️
CISA BEC Prevention Guidance
cisa.gov
Official U.S. government guidance on preventing and responding to Business Email Compromise.
 📋
FTC ReportFraud.ftc.gov
reportfraud.ftc.gov
Report fraud and scams to the Federal Trade Commission. Reports inform federal enforcement actions.

Not Sure What You're Looking At?

Andrew Wellman, CISSP — comes to your Chambersburg or Franklin County business, reviews your email security settings, and delivers a written report at no cost. Evenings and weekends available.

Book Your Free Assessment
No cost · No obligation · Franklin County PA · CISSP · GIAC GICSP · GIAC GRID · SecurityX