Business Email Compromise (BEC) Scams

Verified by GonePhishing.com

What Is Business Email Compromise (BEC)?

Business Email Compromise (BEC) is a type of scam where attackers impersonate executives, employees, or vendors to trick businesses into sending money or sensitive information.

These attacks are highly targeted and often use real company names, job roles, and communication patterns to appear legitimate.

How BEC Scams Work

• An attacker gains access to or spoofs a company email account
• They monitor communication between employees or vendors
• They send a realistic request for payment or information
• The request appears urgent and legitimate

Common BEC Scenarios

• CEO fraud (fake executive requesting urgent wire transfer)
• Vendor invoice fraud (fake invoice or changed payment details)
• Payroll diversion (changing employee direct deposit information)
• Account compromise (email account takeover used to send requests)

Red Flags to Watch For

• Urgent or secretive payment requests
• Changes to banking or payment details
• Email addresses that look similar but are slightly altered
• Requests outside normal procedures
• Pressure to bypass approval processes

Why BEC Attacks Are So Effective

BEC scams succeed because they exploit trust and routine. Employees often recognize the sender’s name and assume the request is legitimate.

Attackers also create urgency to prevent verification and encourage fast action.

What to Do If You Suspect a BEC Attempt

• Do not send money or sensitive information
• Verify the request using a separate communication method (phone call or in person)
• Notify your internal team immediately
• Report the incident to your financial institution if needed

How to Protect Your Business

• Train employees to recognize phishing and BEC attempts
• Require verification for payment changes
• Use multi-factor authentication on email accounts
• Implement internal approval workflows

Protect your employees and business from costly scams: Start GonePhishing Training