APWG Phishing Statistics

Cybersecurity 101: What Is Business Email Compromise (BEC)?

In our second installment of the cybersecurity 101 series, we’ll address Business Email Compromise (BEC)—what it is, how it works, and how you can protect yourself against it.

What Is BEC?

BEC refers to an email scam that targets specific people in an organization to either steal money, data or other confidential employee information. These email impersonations rely heavily on social engineering tactics. 

How Does BEC Work?

BEC happens when the scammer poses as a trusted individual with a legitimate business request. BEC attacks are highly targeted, sent in low volumes, and aimed at specific people.

The scams are hard to identify and may seem part of any day-to-day request to the target. Scammers, who want to circumvent tight network controls, research the best ways to take advantage of human vulnerabilities.

Here are some examples of BEC attack scenarios:

  • A scammer impersonates the CEO and asks employees in the finance department to transfer funds to a new account. Would you question a request coming from your CEO?
  • A malicious email spoofs an HR employee and asks you to submit personal information.
  • A business partner email address is spoofed and sends a seemingly legitimate request for data.

Because these email accounts have been manipulated and have well-hidden tactics, BEC attacks are difficult to detect and can leave companies perplexed in the aftermath. 

Email is today’s top threat vector, accounting for 90% of advanced threats. Below are examples from our Stopping Email Fraud eBook, showcasing how costly these ever-growing threats have been.

Business Email Compromise (BEC) Statistics

How Can You Protect Yourself from Business Email Compromise (BEC) Attacks?

BEC is fueled by vulnerabilities and is a growing threat to employees. Your organization can stay protected with a multi-layer approach; utilizing people, process and technology. Head to our dedicated Business Email Compromise (BEC) page