Business Email Compromise

Business email compromise is a fraud scheme in which a criminal uses a spoofed, compromised, or lookalike email account to trick a business into sending money or sensitive information.

Written by: Editorial Team
Updated: May 19, 2026

What Is Business Email Compromise?

Business email compromise, often shortened to BEC, is a fraud scheme in which a criminal uses email to impersonate a trusted person or organization. The message may appear to come from an executive, vendor, customer, attorney, title company, payroll contact, or financial institution. The goal is usually to redirect a payment, change bank instructions, collect sensitive information, or gain access to accounts.

BEC is dangerous because it often looks like ordinary business communication. The message may be sent from a real account that has been compromised, from a lookalike domain, or as a reply inside an existing thread, and it often copies the vendor's real invoice format. The fraud works by blending into a workflow that already expects invoices, approvals, payroll changes, or wire instructions.

Key Takeaways

  • Business email compromise uses email impersonation or account compromise to redirect money or information.
  • Common targets include vendor payments, payroll changes, real estate wires, executive approvals, and invoice processing.
  • The email may look legitimate because it uses a real thread, familiar language, or a slightly altered domain.
  • Independent verification of payment changes is one of the strongest controls.
  • BEC is both a cybersecurity risk and a payment-control risk.

How Business Email Compromise Works

A fraudster may compromise a real mailbox or register a domain that differs from a vendor's or executive's by a single character: a transposed letter, an added hyphen, a digit in place of a letter, or a different top-level domain. The attacker then sends a message asking for a payment, a bank-account change, a gift card purchase, a payroll update, or a confidential file. The request is often urgent and framed as routine business.

The fraud may follow weeks of quiet monitoring of a compromised mailbox, sometimes helped by inbox rules that forward or hide messages so the owner does not notice. By watching invoice timing, employee roles, and payment language, the criminal can send a request that arrives at exactly the moment it is most likely to be believed.
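To make the mechanics concrete, here is an added example (not part of the original page) that scores one inbound message for the tells described above: a sender domain that is a near-miss of a trusted vendor domain, a Reply-To that points somewhere else, a subject that claims to be a reply without any threading headers, and bank-change language in the body. The trusted-domain list, the phrase list, and the sample message are constructed for illustration; in practice the allow-list would come from the vendor master file.

```python
"""Added example: score one inbound message for common BEC tells.
The trusted-domain list, phrase list and sample message are constructed."""

import email
import unicodedata
from email import policy

# Constructed allow-list; in practice this comes from the vendor master file.
TRUSTED_DOMAINS = {"acme-supply.com", "examplebank.com", "ourcompany.com"}

# Phrases that accompany a payment-redirection request; any hit is a verification event.
PAYMENT_CHANGE_PHRASES = (
    "new bank", "updated bank", "wire instructions", "change our account",
    "new account number", "routing number", "direct deposit",
)

# A few Cyrillic letters that render identically to Latin ones (NFKC does not fold these).
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o",
                             "\u0440": "p", "\u0441": "c", "\u0445": "x", "\u0456": "i"})


def normalize_domain(domain: str) -> str:
    """Lower-case, drop a trailing dot, and fold common homoglyphs before comparing."""
    d = unicodedata.normalize("NFKC", domain.strip().lower().rstrip("."))
    return d.translate(CONFUSABLES)


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute, or swap two
    adjacent characters each cost 1, so 'amce-supply' is one edit from 'acme-supply'."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS, max_edits: int = 2):
    """Return the trusted domain that `domain` imitates, or None if it is exact or unrelated."""
    d = normalize_domain(domain)
    if d in trusted:
        return None
    for t in sorted(trusted):
        if edit_distance(d, t) <= max_edits:
            return t
        label = t.split(".")[0]
        # Heuristic: the vendor's name embedded in a longer or re-suffixed domain,
        # e.g. acme-supply-billing.com or acme-supply.com-secure.net.
        if len(label) >= 6 and label in d:
            return t
    return None


def analyze(raw: bytes) -> dict:
    """Return the indicators found in one RFC 5322 message and whether it needs out-of-band verification."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = msg["from"].addresses[0] if msg["from"] else None
    sender_domain = normalize_domain(sender.domain) if sender else ""
    imitated = lookalike_of(sender_domain)
    if imitated:
        findings.append(f"sender domain {sender_domain} imitates trusted {imitated}")
    if msg["reply-to"]:
        reply_domain = normalize_domain(msg["reply-to"].addresses[0].domain)
        if reply_domain != sender_domain:
            findings.append(f"reply-to domain {reply_domain} differs from sender domain")
    subject = str(msg["subject"] or "").lower()
    if subject.startswith(("re:", "fw:", "fwd:")) and not (msg["in-reply-to"] or msg["references"]):
        findings.append("subject claims a reply but there is no In-Reply-To/References header")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    hits = [p for p in PAYMENT_CHANGE_PHRASES if p in text]
    if hits:
        findings.append("payment-change language: " + ", ".join(hits))
    return {
        "sender": sender.addr_spec if sender else "",
        "findings": findings,
        # Any bank-detail change is a verification event even if nothing else looks wrong.
        "verify_out_of_band": bool(hits),
    }


# Constructed sample: a capital I standing in for l in the sender domain, a different
# Reply-To, a "RE:" subject with no threading headers, and bank-change language.
SAMPLE = b"""From: "Dana Lee, Acme Supply AR" <dana.lee@acme-suppIy.com>
Reply-To: <ar-desk@acme-suppiy-invoices.net>
To: ap@ourcompany.com
Subject: RE: Invoice 44812 - updated bank details
Message-ID: <20260519.1@acme-suppIy.com>

Hi, please note our wire instructions changed this quarter.
The new account number and routing number are on the attached letter.
Kindly process today's payment to the new account.
"""

if __name__ == "__main__":
    for line in analyze(SAMPLE)["findings"]:
        print("-", line)
```

Indicators like these flag a message for review; they do not clear one. A request sent from a genuinely compromised vendor mailbox produces no domain or Reply-To finding at all, which is why the `verify_out_of_band` flag is driven by the payment-change language alone.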

Common BEC Patterns

  • Vendor payment change: a fake or compromised vendor email changes the bank details on an invoice.
  • Executive impersonation: an employee is pressured by someone posing as an executive to send money or buy gift cards.
  • Payroll diversion: an employee's direct-deposit instructions are changed to an attacker-controlled account.
  • Real estate wire fraud: closing funds are wired to fraudulent instructions sent in place of the title company's or attorney's.
  • Data request: employee, customer, or tax records are requested by someone impersonating a person entitled to them.

Controls That Reduce the Risk

Businesses can reduce BEC risk by requiring call-back verification for every bank-account change, placing that call to a phone number already on file rather than one given in the email, separating the person who sets up a payment from the person who approves it, and training employees to pause on urgent or unusual requests. Email security (filtering, lookalike-domain detection, multi-factor authentication on mailboxes) helps, but payment controls are just as important, because a request sent from a genuinely compromised account passes every email check.
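The following added example (not part of the original page) encodes those payment controls in a small vendor-master workflow so they cannot be skipped under pressure: a bank-detail change is recorded, verified by a call-back, and applied as three separate steps; the call-back must go to the number already on file rather than one supplied in the email; and the verifier must be a different person from the one who keyed in the change. Vendor names, account identifiers, and phone numbers are constructed.

```python
"""Added example: enforce the payment controls in code so they cannot be skipped under
pressure. Vendor names, account identifiers and phone numbers are constructed."""

from dataclasses import dataclass
from typing import Optional


class ControlViolation(Exception):
    """A bank-detail change was attempted without the required verification."""


@dataclass
class Vendor:
    name: str
    bank_account: str
    phone_on_file: str       # captured at onboarding, independent of any later email


@dataclass
class ChangeRequest:
    vendor: str
    new_account: str
    requested_by: str        # AP clerk who keyed the request in from the email
    verified_by: Optional[str] = None
    verified_via: Optional[str] = None


class VendorMaster:
    """Three separate steps: setup (request), verification (call-back), approval (apply)."""

    def __init__(self, vendors):
        self.vendors = {v.name: v for v in vendors}
        self.pending: dict[int, ChangeRequest] = {}
        self.audit: list[str] = []
        self._next_id = 1

    def request_change(self, req: ChangeRequest) -> int:
        """Setup: record the request; the live bank account is not touched here."""
        if req.vendor not in self.vendors:
            raise ControlViolation(f"unknown vendor {req.vendor!r}: onboard first, do not pay")
        req_id, self._next_id = self._next_id, self._next_id + 1
        self.pending[req_id] = req
        self.audit.append(f"{req_id}: {req.requested_by} requested change to {req.new_account}")
        return req_id

    def record_callback(self, req_id: int, verifier: str, number_dialled: str, confirmed: bool) -> None:
        """Verification: a different person calls the number already on file."""
        req = self.pending[req_id]
        vendor = self.vendors[req.vendor]
        if verifier == req.requested_by:
            raise ControlViolation("requester may not verify their own change")
        if number_dialled != vendor.phone_on_file:
            # The email often supplies a "contact" number; that number is the attacker's.
            raise ControlViolation("call-back must use the number on file, not one from the email")
        self.audit.append(f"{req_id}: {verifier} called {number_dialled}, confirmed={confirmed}")
        if not confirmed:
            del self.pending[req_id]
            raise ControlViolation("vendor did not confirm; treat as attempted fraud and escalate")
        req.verified_by, req.verified_via = verifier, number_dialled

    def apply_change(self, req_id: int) -> str:
        """Approval: only a verified request may update the master record."""
        req = self.pending[req_id]
        if req.verified_by is None:
            raise ControlViolation("bank details not verified out of band")
        del self.pending[req_id]
        self.vendors[req.vendor].bank_account = req.new_account
        self.audit.append(f"{req_id}: applied, verified by {req.verified_by} via {req.verified_via}")
        return self.vendors[req.vendor].bank_account


if __name__ == "__main__":
    vm = VendorMaster([Vendor("Acme Supply", "ACCT-111", "+1-555-0100")])
    rid = vm.request_change(ChangeRequest("Acme Supply", "ACCT-999", requested_by="ap-clerk"))
    # Two attempts that must fail: self-verification, and a call to the number from the email.
    for verifier, number in [("ap-clerk", "+1-555-0100"), ("ap-manager", "+1-555-0199")]:
        try:
            vm.record_callback(rid, verifier, number, confirmed=True)
        except ControlViolation as err:
            print("blocked:", err)
    # The legitimate path: a second person calls the number on file and the vendor denies the change.
    try:
        vm.record_callback(rid, "ap-manager", "+1-555-0100", confirmed=False)
    except ControlViolation as err:
        print("blocked:", err)
    print("account still", vm.vendors["Acme Supply"].bank_account)
```

The audit list is the record an incident responder will ask for: who keyed the change, who called, which number they dialled, and whether the vendor confirmed. Keeping the number on file outside the email workflow is the point; if the clerk can look it up from the message, the attacker has already chosen it.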

If a payment has already been sent, speed matters. Contacting the financial institution quickly may improve the chance of a hold, recall, or recovery, though no recovery is guaranteed.

The Bottom Line

Business email compromise turns trusted email workflows into payment traps. The safest process treats new payment instructions, urgent executive requests, and bank-detail changes as verification events, not routine inbox tasks.