Cybersecurity Glossary

What Is Business Email Compromise?

Business email compromise is a targeted fraud tactic where attackers abuse trusted business communication to get money, data, access, or account changes. A BEC attack may use a compromised inbox, spoofed sender, lookalike domain, fake executive request, or vendor impersonation to make the message feel legitimate.

Short definition

Business email compromise, or BEC, is a social engineering scam that uses email to impersonate a trusted person or organization. The goal is usually to trick an employee into sending money, changing payment details, releasing data, or approving access without independent verification.

At a glance: BEC is dangerous because it often looks like normal business. The email may not include malware or a suspicious attachment; the request itself is the attack.

Expanded explanation

Business email compromise exploits routine approval paths and workplace trust. Attackers study how an organization communicates, who approves payments, what vendors are used, and which employees can make changes. Then they send a message that fits the routine closely enough to avoid suspicion.

Some BEC attacks begin with a compromised mailbox. If an attacker controls a real inbox, they may read old conversations, create forwarding rules, and wait for the right moment to send a payment or document request. Other attacks do not require account access. A spoofed sender, lookalike domain, or convincing display name may be enough if the recipient is busy and the request feels plausible.

BEC often targets finance, payroll, HR, procurement, legal, executives, and operations because those teams handle decisions with direct business impact. A single email can ask for a bank change, urgent wire, W-2 file, gift card purchase, contract document, or login approval.

The hardest part for users is that BEC may look calm and professional. It does not always use panic or obvious threats. Sometimes the message works because it resembles the kind of routine request the employee handles every week.

How Business Email Compromise Works

A BEC attack is usually built around a real business process that can move money, data, or authority.

  1. The attacker studies the organization. They may use public information, leaked data, vendor details, social media, or stolen mailbox content.
  2. A trusted identity is chosen. The attacker may impersonate an executive, vendor, lawyer, employee, customer, or finance contact.
  3. The message fits a business task. It may reference an invoice, payment change, payroll file, tax document, acquisition, contract, or urgent customer issue.
  4. The request pushes a decision. The target is asked to transfer funds, change bank details, share files, approve access, buy gift cards, or keep the request confidential.
  5. The attacker tries to delay discovery. They may ask for secrecy, use a private thread, change reply-to behavior, or time the request near deadlines.

Common Business Email Compromise Examples

BEC examples often look like ordinary administrative work until the outcome is reviewed.

  • Vendor invoice change: A supplier appears to request updated banking details before the next payment cycle.
  • Executive wire request: A message that appears to come from a leader asks finance to send an urgent confidential payment.
  • Payroll diversion: HR or payroll receives a request to change an employee's direct deposit details.
  • Tax or personnel data request: An attacker impersonates leadership or finance and asks for W-2s, employee records, or payroll files.
  • Gift card or purchase request: A manager appears to ask an assistant or team member to buy gift cards or make a quick purchase outside the usual process.

Why Business Email Compromise Matters

BEC matters because it targets business process, not just technology. Even with strong malware defenses, a well-written request can reach the exact person who has authority to act. If that process lacks verification, the attacker may not need malware or broad system compromise.

The financial impact can be direct, but the risk is broader than wire fraud. BEC can expose payroll data, customer files, legal documents, authentication details, and vendor information. A compromised mailbox can also become a launch point for more attacks against partners and customers.

BEC is also difficult because employees may feel they are being helpful. They are trying to pay a vendor, support leadership, help HR, or solve a time-sensitive issue. The attacker succeeds by making the unsafe action feel like good service.

How to Reduce Business Email Compromise Risk

BEC prevention depends on protecting the workflows attackers want to exploit.

  • Verify payment changes out of band. Use a known phone number or approved vendor portal before changing banking details or sending funds.
  • Require multi-person approval. Large payments, new vendors, payroll changes, and sensitive data releases should not rely on one email thread.
  • Harden email identity. Use email authentication, MFA, mailbox monitoring, and alerts for suspicious forwarding or login behavior.
  • Train for process exceptions. Employees should slow down when a message asks for secrecy, speed, unusual payment handling, or a shortcut around normal controls.
  • Document escalation paths. Finance, HR, and support teams need a clear way to ask, “Can someone verify this?” without delaying legitimate work unnecessarily.
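As an added, defender-side example (not code from this glossary), the following Python checks three of the signals named on this page: a Reply-To header that diverts replies away from the sender's domain, a sender domain within a small edit distance of a known vendor or the company's own domain, and a new mailbox rule that forwards mail outside the organization or deletes the original. The domains, header values and the audit-event shape are constructed assumptions.

```python
from email.utils import parseaddr
# Constructed sample data: the organization's own domain and the vendor domains
# finance is allowed to pay. These names are assumptions, not from the page.
OWN_DOMAIN = "example-corp.com"
KNOWN_VENDOR_DOMAINS = {"acme-supplies.com", "northwind-legal.com"}

def domain_of(address):
    """Return the lowercase domain part of an email address, ignoring the display name."""
    return parseaddr(address)[1].rsplit("@", 1)[-1].strip().lower()

def edit_distance(a, b):
    """Levenshtein distance; a small distance between two different domains suggests a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_headers(headers):
    """Flag reply-to diversion and lookalike sender domains in a message's headers."""
    flags = []
    sender = domain_of(headers.get("From", ""))
    # A missing Reply-To means replies go back to the sender, which is normal.
    reply_to = domain_of(headers["Reply-To"]) if headers.get("Reply-To") else sender
    if reply_to != sender:
        flags.append(f"replies diverted to {reply_to}, not the sender domain {sender}")
    for known in KNOWN_VENDOR_DOMAINS | {OWN_DOMAIN}:
        if sender != known and edit_distance(sender, known) <= 2:
            flags.append(f"sender domain {sender} looks like {known}")
    return flags

def flag_rule_event(event):
    """Flag a new mailbox rule that forwards mail outside the organization or hides the original."""
    flags = []
    target = event.get("forward_to")
    if target and domain_of(target) != OWN_DOMAIN:
        flags.append(f"{event['mailbox']} now forwards mail to external domain {domain_of(target)}")
    if event.get("delete_original"):
        flags.append("rule deletes the original after forwarding")
    return flags

if __name__ == "__main__":
    # Constructed inputs: a lookalike vendor domain with a diverted reply address, and a rule event.
    print(flag_headers({"From": '"Acme Billing" <ap@acme-suppiles.com>',
                        "Reply-To": "billing@webmail-example.net"}))
    print(flag_rule_event({"mailbox": "cfo@example-corp.com",
                           "forward_to": "archive@webmail-example.net",
                           "delete_original": True}))
```

The edit-distance threshold of 2 is deliberately tight; a wider threshold catches more lookalikes but will also match unrelated short domains, so tune it against your own vendor list.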

Related Glossary Terms

Business email compromise often overlaps with AI-assisted persuasion and voice follow-up tactics.

  • AI Social Engineering explains how attackers can make business impersonation more adaptive and believable.
  • Callback Phishing covers scams that move a target from a message into a phone conversation.

Final Takeaway

Business email compromise works because it hides inside ordinary work. The email may look professional, relevant, and free of obvious malware, but the requested action can still be fraudulent.

The best defense is a business process that welcomes verification. If a request changes money, access, payroll, or sensitive data, confirm it through a known phone number, vendor portal, or internal approval path before anyone acts.

FAQ

Questions Teams Ask About Business Email Compromise

Quick answers about BEC fraud, payment verification, and protecting trusted business workflows.

What does business email compromise mean?

Business email compromise, often called BEC, is a targeted scam where an attacker uses email impersonation, account compromise, or a trusted business relationship to push a fraudulent request.

Is BEC always caused by a hacked email account?

No. Some BEC attacks use a compromised mailbox, while others rely on spoofing, lookalike domains, fake display names, or convincing messages from external accounts.

Who is usually targeted by BEC?

Finance, payroll, HR, executives, procurement, legal, and operations teams are common targets because they can approve payments, change account data, or share sensitive files.

What is the best defense against BEC?

Strong defenses include payment verification, email authentication, MFA, mailbox monitoring, approval workflows, and training that teaches employees to verify unusual requests.