What is Business Email Compromise (BEC)? How To Prevent It

Business Email Compromise (BEC)

Business email compromise (BEC) attacks have been tracked since 2013, but their prevalence has increased dramatically over the past few years. Many people think of them as ordinary phishing emails, but they are not quite the same thing: a BEC message usually carries no malware and no link, just a convincing request for money or data, which is why it is increasingly difficult to detect and block. Here is what you need to know about BEC attacks, why your business might be targeted, and how to stop one from succeeding against your organisation.

What is Business email compromise (BEC)?

Business email compromise (BEC), often referred to as CEO fraud after its best-known variant, is a form of phishing fraud that the FBI has tracked since 2013. BEC attacks impersonate senior executives, human resources or finance staff, or trusted suppliers, and use email to get an employee to act: wire money, change a vendor's bank details, or hand over payroll or tax data. Because the attack relies on social engineering rather than malware or stolen passwords, traditional controls such as anti-malware scanning and two-factor authentication (2FA) do not stop it; 2FA protects a login, not a fraudulent payment instruction that an authorised employee carries out themselves. Recently, BEC attacks have become much more sophisticated and are being used in conjunction with other forms of cybercrime such as ransomware.

According to the FBI's Internet Crime Complaint Center (IC3), exposed losses from BEC reported between June 2016 and December 2021 exceed $43 billion. Verizon's 2019 Data Breach Investigations Report found that 94% of malware was delivered by email. In addition, there are reports that state-sponsored actors use BEC-style lures as a way to gain access to corporate networks for espionage purposes.

3 Common Types of Business Email Compromise

Business email compromise (BEC) is an umbrella term that covers several related frauds, including CEO fraud, business email spoofing (BES) and vendor email compromise. Below are the most common variants used by cybercriminals to target businesses globally.

1- CEO Fraud

CEO fraud is the best-known BEC variant. The attacker poses as the CEO or another senior executive and pressures an employee in finance or accounts payable into making an urgent, confidential payment: a wire transfer, a change to a supplier's bank details, or the purchase of gift cards. The executive's identity may simply be spoofed, or the attacker may first take over the executive's real mailbox, for example after the victim clicks a malicious link or opens an infected attachment, and then study their correspondence and calendar before sending a request that fits the executive's style and travel schedule. The FBI's IC3 reported more than $26 billion in exposed BEC losses between June 2016 and July 2019, and the figure has kept growing since.

2- Business Email Spoofing (BES)

Business Email Spoofing (BES), another form of email phishing, reportedly surged by as much as 220% in 2020, and such scams are only going to increase. In email spoofing, an attacker manipulates the message so that it appears to come from a trusted source.

The sender's address is forged (spoofed) so that the victim believes the message comes from someone they know or trust. This can be done in several ways: forging the From header outright, which works when the impersonated domain does not publish SPF, DKIM and DMARC records; using the trusted person's name as the display name on a free-mail or look-alike address (for example "Jane Doe" <jane.doe.ceo@gmail.com>); registering a domain that differs from the real one by a character or two; or adding a Reply-To header so that replies go to the attacker even though the From address looks right. Attackers use BES as part of phishing attacks, tricking users into clicking links, opening attachments or approving payments by impersonating colleagues or other people they regularly communicate with.
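The following is an added example (not code from the original article) showing how a mail gateway or SOC script can flag the spoofing tricks described above by looking only at message headers. The sample message, the internal domain example.com and the executive directory are constructed values; the thresholds and keyword list are assumptions a real deployment would tune.

```python
"""Heuristic checks for spoofed or impersonated senders in an inbound message.

Added example, not part of the original article. The message, the internal
domain and the executive directory below are constructed for illustration.
"""
from email import message_from_string
from email.utils import parseaddr

# Assumed: the organisation's own domain and a directory of executive names.
INTERNAL_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}

# Constructed sample: CEO's display name, free-mail address, Reply-To on a look-alike domain.
SAMPLE_MESSAGE = """\
From: "Jane Doe" <jane.doe.ceo@gmail.com>
Reply-To: jd.office@examp1e.com
To: accounts@example.com
Subject: Urgent wire transfer - confidential

Please process the attached invoice today. I am in meetings, email only.
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot look-alike domains (examp1e.com vs example.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address ('' if there is no @)."""
    return address.rpartition("@")[2].lower()


def analyse(raw: str) -> list:
    """Return a list of findings; an empty list means no spoofing indicator fired."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    findings = []

    # 1. Display-name impersonation: a known executive's name on a different address.
    known = EXECUTIVES.get(display.strip().lower())
    if known and addr.lower() != known:
        findings.append(f"display name '{display}' matches {known} but address is {addr}")

    # 2. Reply-To on another domain: replies go to the attacker, not the apparent sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = domain_of(reply_addr) if reply_addr else ""
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # 3. Look-alike domain: within two edits of our own domain but not equal to it.
    for d in dict.fromkeys([from_domain, reply_domain]):
        if d and d != INTERNAL_DOMAIN and levenshtein(d, INTERNAL_DOMAIN) <= 2:
            findings.append(f"look-alike domain {d} resembles {INTERNAL_DOMAIN}")

    # 4. Urgency and secrecy wording typical of payment-fraud lures (assumed keyword list).
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    if any(w in text for w in ("urgent", "wire transfer", "confidential", "email only")):
        findings.append("urgency/secrecy wording in subject or body")
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_MESSAGE):
        print("FLAG:", finding)
```

Run against the sample, all four checks fire; a genuine message from jane.doe@example.com with no Reply-To produces no findings. These heuristics complement, rather than replace, DMARC: a free-mail or look-alike domain that the attacker controls will pass authentication perfectly well, which is exactly why the display-name and edit-distance checks exist.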

3- Vendor Email Compromise

Experts report that the average potential cost of a vendor email compromise attack is around $183,000. Suppliers are one of many attack vectors a BEC scam can exploit: the attacker compromises (or spoofs) a vendor's mailbox and sends an invoice or a "we have changed our bank" notice from inside an existing, legitimate email thread. Because the request arrives from a known partner in a conversation that is already under way, accounts payable staff are more likely to accept it without further checks, and vendors themselves may exchange payment details over email, exposing both your company and theirs.

3 Tips to Prevent Email Phishing and Scam attacks

A Business Email Compromise (BEC) attack has been identified as one of the most effective ways to steal money by cyber criminals, so it’s crucial to prevent such attacks before they can happen. Below are three tips that will help you prevent a BEC attack and stay safe on the internet.

1- Don’t download the attachments or click suspicious links

The best defence against any BEC lure is to confirm that an email is legitimate before you act on it. If you have any doubt, do not open attachments or click links, and never approve a payment or a change of bank details on the strength of an email alone. Verify the request out of band, by phone or in person, using a number you already have on file rather than one given in the message, since an attacker who wrote the email also chose its contact details.

2- Use Domain Message Authentication

As a business, publishing and enforcing DMARC (Domain-based Message Authentication, Reporting & Conformance) is one of the most effective technical controls against spoofing of your own domain. DMARC builds on SPF (which lists the servers allowed to send for your domain) and DKIM (which cryptographically signs messages): a receiving mail server checks that the message passes SPF or DKIM for a domain that aligns with the visible From address, and your DMARC record tells it what to do with messages that fail (p=none to monitor only, p=quarantine, or p=reject). Start at p=none, read the aggregate reports to find legitimate senders you forgot, then move to quarantine and finally reject. Note what DMARC does not do: it will not catch a look-alike domain the attacker owns, a free-mail address with a forged display name, or a message sent from a genuinely compromised account, and it does not inspect attachments. Those cases need the out-of-band verification above plus content and behaviour-based filtering at the gateway.
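The following is an added example, not taken from the article or from any DMARC library, of the evaluation a receiving server performs once SPF and DKIM have been checked: parse the domain's DMARC record, test alignment of the authenticated domains against the From domain, and derive a disposition. The DMARC record, message domains and SPF/DKIM verdicts are constructed inputs, and the organisational-domain derivation is a deliberate simplification (last two labels) where a real implementation consults the Public Suffix List.

```python
"""Evaluate DMARC for one message from its SPF/DKIM results.

Added example, not code from the original article. All records and
results below are constructed; org_domain() is a simplification.
"""
from dataclasses import dataclass


def parse_dmarc(txt: str) -> dict:
    """Turn 'v=DMARC1; p=reject; adkim=s' into a dict with RFC 7489 defaults filled in."""
    tags = {"adkim": "r", "aspf": "r", "pct": "100", "sp": None}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags


def org_domain(domain: str) -> str:
    """Assumed simplification: organisational domain = last two labels (no Public Suffix List)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s'): exact match. Relaxed ('r'): same organisational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


@dataclass
class AuthResults:
    from_domain: str   # domain of the RFC 5322 From header, i.e. what the user sees
    spf_result: str    # "pass", "fail" or "none"
    spf_domain: str    # envelope MAIL FROM domain that SPF was evaluated against
    dkim_result: str   # "pass", "fail" or "none"
    dkim_domain: str   # d= tag of the validated DKIM signature, "" if none


def evaluate(record: str, r: AuthResults) -> tuple:
    """Return (dmarc_pass, disposition); disposition is 'none', 'quarantine' or 'reject'."""
    tags = parse_dmarc(record)
    spf_ok = r.spf_result == "pass" and aligned(r.from_domain, r.spf_domain, tags["aspf"])
    dkim_ok = r.dkim_result == "pass" and aligned(r.from_domain, r.dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    # Failed: apply p=, or sp= when From is a subdomain and the record defines one.
    policy = tags["p"]
    if tags["sp"] and r.from_domain.lower() != org_domain(r.from_domain):
        policy = tags["sp"]
    return False, policy


# Constructed record for example.com: strict DKIM alignment, relaxed SPF alignment.
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    cases = {
        # Attacker forges From: example.com but can only pass SPF for their own domain.
        "forged From": AuthResults("example.com", "pass", "evil.net", "none", ""),
        # Legitimate bulk sender: MAIL FROM is a subdomain, relaxed SPF alignment accepts it.
        "bulk sender": AuthResults("example.com", "pass", "mail.example.com", "fail", ""),
        # DKIM signed by a subdomain key; adkim=s does not accept that.
        "strict DKIM": AuthResults("example.com", "fail", "evil.net", "pass", "sub.example.com"),
    }
    for name, res in cases.items():
        print(f"{name:12s} -> pass={evaluate(RECORD, res)[0]}, disposition={evaluate(RECORD, res)[1]}")
```

The forged-From case is the spoof DMARC is designed to stop: the attacker's server authenticates fine for evil.net, but nothing aligns with example.com, so with p=reject the message is refused. The same record at p=none would let it through and only report it, which is why monitoring mode is a starting point, not a destination.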

3- Cybersecurity Education

An often-cited IBM study found that human error was a contributing factor in 95% of security incidents. It is therefore important to run a security awareness programme for every employee who handles incoming email, and especially for those who can approve payments or change supplier records: teach them what a BEC lure looks like (urgency, secrecy, a request to bypass the normal process), and reinforce it with periodic simulated phishing exercises. Lastly, keep yourself informed about current threats so that you can recognise them when they appear.


Business email compromise (BEC) attacks are becoming more common, and the criminals behind them more skilled and better resourced. The good news is that the defences are relatively simple and inexpensive once you know what to look for: verify payment requests out of band, authenticate your domain with SPF, DKIM and DMARC, and train the people who handle money and email. The tips above will help you spot a BEC attempt before it costs your business anything.
