What Is Business Email Compromise (BEC)?
Business Email Compromise (BEC) is a targeted scam where attackers impersonate trusted people or companies to trick employees into sending money, changing payment details, or sharing sensitive business information.
Verified by GonePhishing.com
Business Email Compromise, often shortened to BEC, is one of the most costly and dangerous forms of business fraud. In a BEC scam, a criminal pretends to be a trusted person or organization and convinces someone inside a company to send money, change banking information, purchase gift cards, release payroll data, or share sensitive internal records.
Unlike many broad phishing campaigns, BEC attacks are usually more targeted. The attacker may research the company, study employee names and job roles, monitor invoice timing, or even compromise a real email account before sending the fraudulent request. Because the message often looks normal and appears to come from a boss, coworker, vendor, attorney, or business partner, employees may respond before verifying it.
What is Business Email Compromise?
Business Email Compromise is a scam that uses email impersonation, account compromise, or spoofed communication to trick businesses into making a fraudulent payment or disclosing sensitive information. In simple terms, it is a trust-based attack designed to exploit normal business processes.
A BEC attack does not always rely on malware or obvious phishing language. Many of these scams are short, direct, and believable. A message might say, “Are you available?” followed by a request for a same-day wire. Another might reference a real invoice and ask accounts payable to send funds to a “new” bank account. That realism is exactly what makes BEC so effective.
How Business Email Compromise works
Most BEC attacks follow a pattern. First, the scammer identifies a valuable target such as an office manager, controller, payroll employee, HR representative, bookkeeper, or executive assistant. Then the attacker either spoofs an email address, registers a lookalike domain, or gains access to a legitimate mailbox. Once they understand the company’s communication style and approval habits, they send a message that appears routine but is actually fraudulent.
- An attacker studies the company, employees, vendors, or payment routines
- They spoof or compromise an email account to appear legitimate
- They send a request involving money, banking changes, tax records, payroll, or sensitive files
- The message uses urgency, authority, secrecy, or timing pressure
- The employee acts before verifying the request through a trusted separate channel
Common examples of BEC scams
Business Email Compromise can take several forms. Some scams focus on executive impersonation. Others target payments, payroll, or data access. The underlying tactic is the same: the criminal uses trust and business context to get past skepticism.
- CEO fraud: A scammer impersonates an owner, CEO, or senior executive and requests an urgent confidential wire transfer.
- Vendor invoice fraud: The attacker pretends to be a real supplier and asks the company to update payment instructions for an invoice.
- Payroll diversion: The criminal impersonates an employee and requests a direct deposit change so wages are sent to the wrong account.
- Attorney impersonation: A fake lawyer or legal contact pressures staff to send money or documents immediately.
- Account compromise: A real email account is taken over and used to send believable internal or vendor requests.
- Data theft BEC: HR, payroll, or finance staff are tricked into sending tax forms, W-2 data, employee records, or confidential files.
Why BEC attacks are so dangerous
BEC scams are dangerous because they do not always look like traditional phishing. There may be no attachments, no obvious malicious links, and no poor grammar. Instead, the attacker relies on business timing, authority, and familiarity. A short email from “the CEO” during a busy day may feel more trustworthy than a flashy spam message.
These scams also target processes that involve real money and sensitive records. If an employee sends a wire, changes vendor banking details, or transmits payroll data before verifying the request, the loss can be immediate and severe.
Red flags of Business Email Compromise
While BEC messages can look convincing, they often contain warning signs. Employees should slow down any financial or sensitive-data request that creates pressure or tries to bypass normal procedures.
- Urgent requests involving wires, ACH payments, gift cards, or account updates
- Instructions to keep the request secret or avoid normal approval channels
- New banking details, changed remittance information, or invoice rerouting
- Email addresses or domains that look almost correct but are not an exact match
- Requests that do not match normal processes, timing, or authority levels
- Messages that ask for payroll records, tax forms, or employee data unexpectedly
- Replies that push for immediate action when someone asks to verify
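The red flags above, turned into a small screening check that a finance or security team could run over inbound mail before a payment request is acted on. This is an added example, not code from the original article or from GonePhishing; the trusted domains, the executive name, the keyword patterns and both sample messages are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed values for this example: an assumed company domain, vendor domain and executive name.
TRUSTED_DOMAINS = {"example-corp.com", "acme-supplies.com"}
TRUSTED_NAMES = {"jane doe"}  # display names staff would trust without a second look

PATTERNS = {  # the urgency / payment / secrecy cues listed as BEC red flags
    "urgency": re.compile(r"\b(urgent|asap|immediately|today|right away)\b", re.I),
    "payment": re.compile(r"\b(wire|ach|gift cards?|direct deposit|bank (account|details)|remittance|w-2)\b", re.I),
    "secrecy": re.compile(r"\b(confidential|keep this between us|do not (tell|discuss))\b", re.I),
}

def lookalike_domain(domain, trusted=TRUSTED_DOMAINS, threshold=0.85):
    # Return the trusted domain this sender domain resembles; None if it is exact or unrelated.
    if domain in trusted:
        return None
    for good in trusted:
        if SequenceMatcher(None, domain, good).ratio() >= threshold:
            return good
    return None

def bec_flags(raw_message):
    # Return the list of red flags raised by one RFC 822 message string.
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    _, reply = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply.rpartition("@")[2].lower()
    flags = []
    if lookalike_domain(from_domain):          # "almost correct" sender domain
        flags.append("lookalike-domain")
    if name.strip().lower() in TRUSTED_NAMES and from_domain not in TRUSTED_DOMAINS:
        flags.append("display-name-impersonation")  # familiar name, unfamiliar mailbox
    if reply_domain and reply_domain != from_domain:
        flags.append("reply-to-mismatch")      # replies would leave the apparent sender
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    flags += [k for k, p in PATTERNS.items() if p.search(text)]
    return flags

# Constructed sample messages (not real mail): one BEC-style request and one routine note.
SUSPICIOUS = ("From: Jane Doe <jane.doe@examp1e-corp.com>\nReply-To: jane.doe@mail-reply.example\n"
              "Subject: Urgent wire today\n\nAre you available? I need a confidential wire sent today. Keep this between us.\n")
ROUTINE = "From: Jane Doe <jane.doe@example-corp.com>\nSubject: Q3 planning deck\n\nAttached is the planning deck for Thursday.\n"
```

A hit on any flag is a reason to verify through a known phone number or directory entry, not proof of fraud; the reply-to check in particular is noisy on mailing lists.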
How to prevent Business Email Compromise
The best defense against BEC is a combination of employee training, strong internal controls, and technical protection. No single safeguard is enough on its own. Businesses reduce risk most effectively when employees are trained to pause, verify, and follow documented procedures.
- Train employees regularly on phishing, executive impersonation, and invoice fraud
- Require independent verification for bank changes and payment requests
- Use known phone numbers or approved contacts, not the information in the suspicious email
- Enable multi-factor authentication on email and admin accounts
- Review email security controls, domain protection, and login alerts
- Use approval workflows for wires, ACH changes, and sensitive data release
- Limit who can change payment details or access payroll and finance systems
What to do if your business is targeted by a BEC scam
If your company receives a suspicious request, do not reply with payment or confidential information until the request is verified. Contact the supposed sender using a known good phone number, internal directory, or separate email chain. If the message involves a vendor, confirm the request through an established vendor contact rather than the email itself.
If money was already sent, act immediately: contact your bank, request a wire recall or fraud intervention, preserve the email evidence, alert internal leadership, and document every step. The speed of reporting matters.
For immediate response guidance, read: What to Do If Your Business Sent a Wire to a Scammer.
Business Email Compromise vs phishing
Business Email Compromise is part of the broader phishing family, but it is usually more targeted and more financially focused than general phishing emails. A generic phishing attack might try to steal passwords from thousands of people. A BEC attack is more likely to target one company, one invoice, one payroll employee, or one executive assistant with a carefully timed fraudulent request.
In other words, all BEC attacks are phishing-related social engineering attacks, but not all phishing attacks are Business Email Compromise.
Frequently asked questions
What does BEC stand for?
BEC stands for Business Email Compromise. It refers to scams where attackers use email impersonation or account compromise to trick businesses into sending money or sensitive data.
What is the most common BEC scam?
Common BEC scams include fake executive payment requests, vendor invoice fraud, payroll direct deposit changes, and fraudulent banking updates tied to legitimate-looking invoices.
Can BEC happen without hacking an email account?
Yes. Some BEC scams use spoofed or lookalike email addresses instead of a fully compromised account. Even without account takeover, the scam can still look convincing.
Who is most at risk for Business Email Compromise?
Accounting teams, payroll staff, finance departments, HR personnel, executive assistants, office managers, and anyone involved in approvals, invoices, or employee records are frequent targets.