Home / Content / What is Business Email Compromise (BEC)?

What is Business Email Compromise (BEC)?

Submitted by admin on Mon, 10/28/2019 - 17:49

What is Business Email Compromise (BEC)?

Business email compromise (BEC) is a form of cyber crime in which the cybercriminal gains access to a corporate / business email account and (spoofs) the owner’s identity to defraud commercial, Government and non-profit organizations or its employees, customers or partners of money or steal sensitive information.

In some cases, an attacker simply creates an account with an email address that is very similar to one on the corporate network(e.g info@zenithbank.com could be used as info@zennithbank.com or info@zeniithbank.com.)

In some other cases, the attackers set up C+C (.cc) domains (e.g info@zenithbank.com could be used as info@zenithbank.cc) to mimic the actual name of the company / institution targeted, or blended of the site’s legitimate name and its top-level domain.

BEC are also referred to as man-in-the email attacks.

In a BEC exploit, the attacker typically uses the identity of someone on a corporate network to trick the target or targets into sending money to the attacker’s account. BEC may involve malware,  social engineering or a combination of the two. The most common victims of BEC are companies / institutions that use internet banking platforms for financial transaction or send and receive sensitive documents electronically.


There are numerous ways that BEC can be used to defraud targets. Here are a few examples:

  • Bogus invoicing scams use a compromised employee account to request a change in payee information, transferring payments to the Criminal’s account.
  • In CEO fraud scams, the criminal pretends to be an executive and requests that an HR or finance department employee make an emergency payment.
  • In an employee account compromise, the attacker might, for example, send an invoice to partner vendors.
  • An attorney’s email identity might be used to pressure for payments, claiming to be handling time-sensitive, confidential matters and requesting immediate payment.

Cybercriminals may further use a compromised account (especially those of HR employees) to gain more personally-identifiable information (PII) for later use in defrauding the company or its clients.


  • Always confirm requests that arrive via email for wire transfers and large amounts of sensitive data. Call the person who supposedly made the request or speak to them in person.
  • Also review such emails carefully. Compare the email address to the address used in similar correspondence from the past.
  • Does the email try to pressure the employee? Does it suggest the request is an emergency and must be fulfilled immediately? These are red flags.

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.