What is business email compromise (BEC)?
Business Email Compromise (BEC) uses email to defraud organizations through impersonation and social engineering. Attackers pose as executives, vendors, or partners to authorize fraudulent transactions or data disclosure.
Common scenarios: CEO fraud (fake executive requests wire transfer), vendor impersonation (fake invoice with changed payment details), and data theft (fake HR requests for employee information).
BEC causes billions in annual losses. The FBI reports it as the most financially damaging cyber crime category. Success requires no technical exploitation; social engineering alone suffices. Defense requires verification procedures, financial controls, and awareness training.