Business Email Compromise (BEC)

Business Email Compromise (BEC) is a social engineering attack in which an attacker impersonates an executive, vendor, or trusted partner over email to trick an employee into transferring money, sharing sensitive data, or taking some other harmful action. The message typically carries no malware or malicious link, which is why it passes ordinary content filtering; the attacker relies instead on a compromised legitimate mailbox, a spoofed sender address, or a lookalike domain that differs from the real one by a character or two.

BEC costs organizations billions of dollars annually and is one of the most financially damaging cybercrime types. Common scenarios include CEO fraud (impersonating an executive to request wire transfers), vendor impersonation (redirecting payments to attacker-controlled accounts), and data theft (requesting employee tax or payroll information).

Why It Matters

BEC attacks can lead to direct financial loss and potential CUI exposure. Email authentication controls (SPF, DKIM, and DMARC with an enforcing policy) stop an attacker from sending mail that claims to come from your own domain, but they do nothing against a lookalike domain the attacker owns or a genuine account the attacker has taken over. Multi-person authorization for financial transactions, out-of-band verification of any change to payment details (a call back to a known number, not a reply to the email), and security awareness training close that gap. Together these are practical defenses that support CMMC objectives.
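The following is an added example, not part of the original glossary entry, showing what a mail-gateway or SOC triage check for the defenses above can look like. It reads the Authentication-Results header that a receiving mail server writes, flags an internal From address whose DMARC result is not pass, and then applies the indicators that authentication alone cannot catch: a lookalike sender domain, an executive's display name on a foreign address, a Reply-To that steers replies elsewhere, and payment or urgency wording. The organization domain, the executive roster, and all three messages are constructed for the example.

```python
"""BEC triage over constructed email headers (added example, not part of
the original glossary entry). INTERNAL_DOMAIN, EXECUTIVES and the sample
messages are assumed values for a fictional organization."""
import email
import email.utils
import re
from email import policy

INTERNAL_DOMAIN = "example.com"                     # assumed: our own domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}   # assumed: display name -> real address
PAYMENT_WORDS = re.compile(r"\b(wire|bank|payment|invoice|gift card|urgent)\b", re.I)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch typo-squatted domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def auth_results(msg) -> dict:
    """Collect spf=/dkim=/dmarc= verdicts from Authentication-Results headers."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(hdr), re.I):
            verdicts[method.lower()] = verdict.lower()
    return verdicts


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def bec_indicators(raw_message: str) -> list:
    """Return the sorted list of BEC indicators found in one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    name, addr = email.utils.parseaddr(str(msg["From"]))
    from_domain = domain_of(addr)
    found = set()

    # 1. Spoofing of our own domain: DMARC must pass when From claims INTERNAL_DOMAIN.
    if from_domain == INTERNAL_DOMAIN and auth_results(msg).get("dmarc") != "pass":
        found.add("internal_domain_failed_dmarc")

    # 2. Lookalike domain: SPF/DKIM/DMARC pass here, because the attacker owns it.
    if from_domain != INTERNAL_DOMAIN and 0 < levenshtein(from_domain, INTERNAL_DOMAIN) <= 2:
        found.add("lookalike_domain")

    # 3. Display-name impersonation: an executive's name on some other address.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        found.add("display_name_impersonation")

    # 4. Reply-To steering replies to a domain other than the visible sender.
    if msg["Reply-To"]:
        _, reply_addr = email.utils.parseaddr(str(msg["Reply-To"]))
        if domain_of(reply_addr) != from_domain:
            found.add("reply_to_domain_mismatch")

    # 5. Payment or urgency language (weak alone, strong together with the above).
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg["Subject"] or "") + " " + (body.get_content() if body else "")
    if PAYMENT_WORDS.search(text):
        found.add("payment_language")

    return sorted(found)


# Constructed sample messages (not real traffic).
SAMPLE_LOOKALIKE = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com; dkim=none; dmarc=none
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: Jane Doe <jane.doe@exarnple.com>
To: accounts.payable@example.com
Subject: Urgent wire transfer

Please process the attached wire today. I am in meetings, reply here.
"""

SAMPLE_SPOOFED = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com
From: Jane Doe <jane.doe@example.com>
To: accounts.payable@example.com
Subject: Vendor bank details changed

Update the vendor's bank account before the next payment run.
"""

SAMPLE_LEGIT = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Jane Doe <jane.doe@example.com>
To: accounts.payable@example.com
Subject: Q3 budget review

Please send me the Q3 numbers when you have them.
"""

if __name__ == "__main__":
    for label, raw in [("lookalike", SAMPLE_LOOKALIKE), ("spoofed", SAMPLE_SPOOFED), ("legit", SAMPLE_LEGIT)]:
        print(label, bec_indicators(raw))
```

The lookalike message is the case worth studying: SPF passes and nothing is spoofed, because the attacker registered examp1e.com and sends from it legitimately, so only the domain-distance, display-name and Reply-To checks catch it. The spoofed message is the case DMARC is built for, and an enforcing policy at the sending domain would have had it rejected before any of this ran.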