Business Email Compromise


📧 What Is Business Email Compromise?

Business Email Compromise (BEC) is a targeted scam in which an attacker impersonates a trusted person — such as a company executive, vendor, or colleague — to manipulate employees into transferring money or sensitive data. Unlike broad phishing campaigns, BEC attacks are carefully researched and highly personalized. Attackers may hijack a real email account, create a look-alike domain, or simply spoof the sender’s display name. The goal is usually financial fraud: convincing an accounts payable employee to wire funds to an attacker-controlled account, or tricking HR into redirecting payroll deposits. BEC is one of the costliest cyber threats in the world, responsible for billions of dollars in losses each year.


🧪 Real-World Example

An employee in the finance department receives an email that appears to come from the company’s CEO, asking for an urgent wire transfer to close a confidential deal before end of day. The email tone is authoritative, references real internal details, and asks the employee not to discuss it with others. The employee complies — but the CEO never sent the email, and the money goes to a fraudster overseas.


🛡️ How to Protect Yourself

  • Always verify wire transfer, payment, or bank-detail change requests by calling the requester on a phone number already on file, never one taken from the email itself, and never by simply replying to the message
  • Look carefully at sender email addresses for subtle misspellings or domain differences (swapped or substituted letters, an added word or hyphen, a different top-level domain); a look-alike domain is the attacker's own, so the message can look and behave like ordinary mail
  • Enable multi-factor authentication on all business email accounts, so that a stolen password alone is not enough to hijack a real account
  • Establish a written policy requiring dual approval for financial transactions and payee bank-detail changes above a set threshold
  • Train employees to recognize urgency, secrecy, and pressure to bypass the normal approval process as common BEC red flags
  • Use email authentication standards (SPF, DKIM, and DMARC with an enforcing policy) to reduce spoofed emails reaching inboxes; these stop forgery of your own domain in the From header, but not mail from a look-alike domain or from a hijacked real account, which is why the checks above still matter
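The checks in the list above, together with the sender tricks named in the definition (look-alike domain, spoofed display name, and forged headers caught by DMARC), as a small inbound-mail triage script. This is an added example and not code from the original page; the organisation examplecorp.com, the executive, the keyword lists, and the three sample messages are all constructed for illustration, and the Authentication-Results header is assumed to have been stamped by your own inbound gateway.

```python
"""Triage rules for the BEC patterns above: display-name spoofing, look-alike
domains, a 'from our own domain' message that failed DMARC, and urgency /
secrecy / payment language.  Added example: organisation, people and messages
are constructed and not real."""
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed: the protected organisation and the executives attackers imitate.
ORG_DOMAINS = {"examplecorp.com"}
EXECUTIVES = {"jane doe": "jane.doe@examplecorp.com"}

URGENCY = ("urgent", "asap", "immediately", "end of day", "right away")
SECRECY = ("confidential", "do not discuss", "keep this between us", "don't tell")
PAYMENT = ("wire", "transfer", "payment", "invoice", "payroll", "bank details")

# Character swaps that make a registered look-alike read like the real domain.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("cl", "d"))


def normalize(domain):
    """Fold common look-alike substitutions so examp1ecorp.com -> examplecorp.com."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS:
        d = d.replace(fake, real)
    return d


def lookalike_of(domain, trusted=ORG_DOMAINS):
    """Return the trusted domain that `domain` imitates, or None when `domain`
    is itself trusted or clearly unrelated."""
    domain = domain.lower()
    if domain in trusted:
        return None
    for t in trusted:
        if normalize(domain) == normalize(t):                 # homoglyph swap
            return t
        if t.split(".")[0] in domain:                         # examplecorp-payments.com
            return t
        if SequenceMatcher(None, domain, t).ratio() >= 0.85:  # one-character typo
            return t
    return None


def dmarc_result(msg):
    """Read the dmarc= verdict the gateway stamped into Authentication-Results.
    'none' means no verdict was recorded, which is treated like a fail."""
    for hdr in msg.get_all("Authentication-Results", []):
        m = re.search(r"\bdmarc=(\w+)", hdr)
        if m:
            return m.group(1).lower()
    return "none"


def analyze(raw):
    """Return identity findings, content findings and a verdict for one message."""
    msg = message_from_string(raw, policy=default)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    identity, content = [], []

    # Display-name spoofing: an executive's name on some other address.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        identity.append(f"display name '{name}' on {addr}, expected {expected}")

    # Look-alike domain registered by the attacker.
    target = lookalike_of(domain)
    if target:
        identity.append(f"sender domain {domain} imitates {target}")

    # Claims to be our own domain but did not pass DMARC: forged header.
    if domain in ORG_DOMAINS and dmarc_result(msg) != "pass":
        identity.append(f"{domain} sender failed DMARC ({dmarc_result(msg)})")

    # Social-engineering language matching the red flags above.
    body = msg.get_body(preferencelist=("plain",))
    text = (msg.get("Subject", "") + " " + (body.get_content() if body else "")).lower()
    for label, terms in (("urgency", URGENCY), ("secrecy", SECRECY), ("payment", PAYMENT)):
        hits = [t for t in terms if t in text]
        if hits:
            content.append(f"{label}: {hits}")

    # Any identity problem, or two or more red-flag categories, routes the
    # message to a person who verifies by phone rather than by replying.
    verdict = "hold for out-of-band verification" if identity or len(content) >= 2 else "deliver"
    return {"from": addr, "identity": identity, "content": content, "verdict": verdict}


# Constructed messages.  CEO_FRAUD is the scenario above: SPF, DKIM and DMARC
# all pass because the attacker really owns examp1ecorp.com, so authentication
# alone would not have stopped it.
CEO_FRAUD = """\
From: Jane Doe <jane.doe@examp1ecorp.com>
To: accounts.payable@examplecorp.com
Subject: Urgent wire transfer - confidential
Authentication-Results: mx.examplecorp.com; spf=pass smtp.mailfrom=examp1ecorp.com; dkim=pass header.d=examp1ecorp.com; dmarc=pass header.from=examp1ecorp.com
Content-Type: text/plain

I need $48,500 wired before end of day to close a deal. This is confidential,
do not discuss it with anyone. I am in meetings all day, so reply by email only.
"""

SPOOFED_INTERNAL = """\
From: Jane Doe <jane.doe@examplecorp.com>
To: payroll@examplecorp.com
Subject: Payroll update
Authentication-Results: mx.examplecorp.com; spf=fail smtp.mailfrom=attacker.invalid; dkim=none; dmarc=fail header.from=examplecorp.com
Content-Type: text/plain

Please move my direct deposit to the new bank details below immediately.
"""

LEGIT = """\
From: Jane Doe <jane.doe@examplecorp.com>
To: accounts.payable@examplecorp.com
Subject: Q3 vendor review
Authentication-Results: mx.examplecorp.com; spf=pass smtp.mailfrom=examplecorp.com; dkim=pass header.d=examplecorp.com; dmarc=pass header.from=examplecorp.com
Content-Type: text/plain

Could you send me the list of vendors we reviewed last quarter? No rush.
"""

if __name__ == "__main__":
    for label, raw in (("ceo_fraud", CEO_FRAUD), ("spoofed_internal", SPOOFED_INTERNAL), ("legit", LEGIT)):
        r = analyze(raw)
        print(f"{label:17} {r['verdict']:32} {r['identity'] + r['content']}")
```

The first message is held on two identity findings (executive's name on a foreign address, domain that normalises to examplecorp.com) plus all three content categories, even though every authentication check passed; the second is held because a message carrying your own domain arrived with a DMARC fail; the third is delivered. A hijacked real account passes all three identity checks, which is why the content rules, the dual-approval policy, and the phone call on a number already on file remain necessary.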