Email Account Compromise (EAC), also known as account hijacking, is a sophisticated scam that targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms.

The EAC scam is very similar to the Business E-mail Compromise (BEC) scam, except that it targets individuals rather than businesses. EAC scams are responsible for hundreds of thousands in consumer losses annually from their inboxes being hijacked by cyber thieves.

What to Know

  • Account Hijacking is a process through which an individual’s email account, computer account or any other account associated with a computing device or service is stolen or hijacked by a hacker.
  • It is a type of identity theft in which the hacker uses the stolen account information to carry out malicious or unauthorized activity by impersonating the account owner.
  • It is typically carried out through phishing, sending spoofed emails to the user, password guessing or a number of other hacking tactics.
  • In many cases, an email account is linked to a user’s various online services, such as social networks and financial accounts, which the hacker can use to retrieve the person's personal information, perform financial transactions, create new accounts, and ask the account owner's contacts for money or help with an illegitimate activity.

What to Do

  • Do not click links or open any attachments in suspicious emails or social media channels.
  • If you believe you are a victim of the EAC scam, immediately contact law enforcement.
  • If you discover a fraudulent transfer on your KeyBank account, immediately contact the Fraud & Disputes Hotline at 800-433-0124.
  • File a complaint at, regardless of dollar loss; provide any relevant information in your complaint and identify that your complaint pertains to the EAC scam.

This material is presented for informational purposes only and should not be construed as individual advice.

KeyBank does not provide legal advice.