Skip to main content
    Back to GCR Scam Guard

    Business Email Compromise (BEC): Corporate Email Fraud

    Last updated: March 2026

    business email compromise
    BEC scam
    CEO fraud
    corporate email scam

    Overview

    Business Email Compromise (BEC) is one of the costliest forms of cybercrime. According to Europol and the FBI, BEC causes billions in global losses annually. The UK NCSC and Australia's ACSC have issued similar warnings about its rapid growth. Attackers compromise or spoof corporate email accounts to trick employees, vendors, or partners into making fraudulent wire transfers or sharing sensitive information. Unlike mass phishing, BEC attacks are highly targeted and often involve extensive research into the target organization.

    How This Scam Works

    1

    Attackers compromise an executive's email account through phishing or credential stuffing, then use it to send fraudulent requests to employees.

    2

    Email spoofing creates messages that appear to come from the CEO, CFO, or a trusted vendor, requesting urgent wire transfers or sensitive data.

    3

    Vendor email compromise involves hacking a supplier's email to send fake invoices with updated payment information.

    4

    Payroll diversion schemes redirect employee direct deposits to criminal accounts by impersonating employees through HR email requests.

    Warning Signs

    Urgent requests for wire transfers or payment changes from executives
    Emails requesting secrecy about financial transactions
    Changes to vendor payment information received by email
    Requests for W-2s, employee data, or sensitive company information
    Slight variations in email addresses from known contacts
    Unusual timing of requests, such as after business hours or during travel

    Real Scam Examples

    These are examples of messages used in this type of scam.

    CEO Impersonation

    Hi [CFO Name], I need you to process a wire transfer of $125,000 to complete a confidential acquisition. This is time-sensitive and cannot wait until Monday. I am traveling and unreachable by phone. Please process immediately and confirm by email.

    Vendor Impersonation

    Hello, This is to inform you that our banking information has changed. Please update your records with the new account details below for all future payments. Invoice #4827 for $67,450 is due this week.

    How to Protect Yourself

    1Implement verification procedures

    Require phone verification for all wire transfers, payment changes, and sensitive data requests using known contact numbers, not numbers provided in the suspicious email.

    2Use multi-factor authentication on all email accounts

    MFA prevents attackers from accessing email accounts even if passwords are compromised through phishing.

    3Deploy email authentication protocols

    Implement SPF, DKIM, and DMARC to prevent email spoofing and flag messages from unauthorized senders.

    4Train employees regularly

    Conduct regular BEC awareness training with realistic phishing simulations. Ensure all employees, especially those in finance and HR, understand BEC tactics.

    Frequently Asked Questions

    Think you have received a scam like this?

    Paste the suspicious message into our free AI-powered scam analyzer.

    Related Resources