BEC (Business Email Compromise)
A sophisticated scam targeting organisations where criminals impersonate executives, suppliers, or partners via email to authorise fraudulent payments or data transfers.
Also known as: business email compromise, CEO fraud, executive impersonation fraud
Last reviewed: 1 June 2026
Business email compromise is one of the costliest forms of financial crime worldwide. Attackers spend weeks or months researching an organisation — learning names, relationships, suppliers, payment processes, and email styles — before impersonating an insider or trusted third party to initiate a fraudulent transaction. Common scenarios include the 'CEO fraud' variant (a fake executive ordering an urgent wire transfer), supplier payment redirect (posing as a vendor to change bank details), and payroll diversion (posing as HR to redirect salary payments).
Attackers may use lookalike domains, compromised real accounts, or display-name spoofing. The social engineering element is crucial: messages convey urgency, secrecy ('do not discuss with colleagues'), or authority to pressure the target into bypassing normal controls.
BEC attacks are not technically complex — they rely on process failures more than technical ones. The defences that matter most are: strict callback verification procedures for any payment change, multi-person authorisation for high-value transfers, enforced DMARC policies (which block exact-domain spoofing but not lookalike domains or compromised accounts), and staff training to recognise pressure tactics.
Examples
- A finance team member receives an email appearing to be from the CEO requesting an urgent bank transfer to a new supplier before end of business.