What is business email compromise (BEC)?
Business email compromise (BEC) is a type of phishing attack where criminals use emails to pose as trusted leaders or vendors to steal money or sensitive data from unsuspecting employees. Learn more about BEC and how to help protect against it by securing your devices, accounts, and communications.
Business email compromise (BEC) attacks accounted for over $3 billion in losses in 2025, according to the FBI’s Internet Crime Complaint Center annual report. This figure underscores the need for smart, reliable BEC protection.
A single compromised email account can open the door to fraud, payroll theft, or stolen customer information.
Small and midsize businesses are prime targets since they move fast and rely heavily on email communications. But any business without critical security layers in place, such as multi-factor authentication (MFA) or advanced email filtering, may be vulnerable, as attackers could access accounts or impersonate employees without additional verification.
How does BEC work?
Business email compromise attacks don’t rely on malware that security tools can detect or on obvious red flags that you can learn to recognize. Instead, BEC scams play on trust. A scammer studies a company, learns who handles payments or sensitive data, then sends a message that looks completely legitimate in order to obtain money or sensitive business information.
Here’s a more detailed look at how a typical BEC scam unfolds:
- Research and targeting: The attacker gathers details about the company, such as leadership names, vendors, billing cycles, and even vacation schedules. They decide the team or person they want to target.
- Impersonation: Attackers spoof or compromise an account to pose as a CEO, manager, or supplier, and may follow up with further phishing emails to gain access to sensitive accounts or financial systems. The phishing attempt may also take the form of a whaling attack when aimed at senior leaders.
- Creating urgency: The email uses urgent language to pressure you, such as, "This wire transfer must be sent today" or "I need this document right now."
- Requesting payment or data: The scammer asks for money, payroll changes, or sensitive business information.
- Funds or information sent: The target responds, thinking the request is real, and the money or data goes straight to the attacker.
What’s the difference between BEC, phishing, and spear phishing?
Phishing is a broad scam that uses fake messages to trick victims into clicking harmful links or surrendering credentials. Spear phishing is a targeted sub-type of phishing that launches personalized attacks toward specific individuals, small groups, or organizations. BEC attacks are a highly targeted form of spear phishing focused on business fraud.
Like spear phishing, BEC uses phishing tactics, but with a sharper, higher-value focus on financial and data fraud within a business. But instead of high-value individuals like trusted leaders, vendors, or executives being the targets of the attack, those people are impersonated in BEC attacks, with scammers leveraging the trust they command to request money transfers or sensitive data.
What are some identifiers of a BEC attack?
BEC messages are designed to look normal at first glance, but closer inspection can reveal clues. BEC attacks are highly personalized, so they use different approaches depending on what information the attacker is after and who they’re impersonating. But there are a few things to watch out for that should tell you to think critically before replying.
Here are some general identifiers of a BEC attack:
- An urgent request for a wire transfer or sensitive information.
- A sudden change in payment details or bank account information.
- An email that looks like it’s from an executive but feels slightly off in tone or scope.
- Subtle misspellings in the sender’s address or domain name, such as the digit “1” substituted for a lowercase “l” or an uppercase “I.”
- Pressure from above to bypass normal approval steps.
- Requests for confidentiality around a financial transaction.
- Unusual timing, like late-night or weekend payment demands.
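As an added illustration (not code from the original article), the following Python check folds the confusable characters described above so that a lookalike sender domain collapses onto the genuine one, and flags an executive’s display name on an outside address; the trusted domains and executive names are constructed for the example.

```python
import re
import unicodedata

# Constructed for this example: the domains this hypothetical company trusts and the
# leaders whose names an impersonator would borrow. Replace with your own directory data.
TRUSTED_DOMAINS = {"example-corp.com", "acme-supplies.com"}
EXECUTIVE_NAMES = {"jane doe", "sam lee"}

# Characters commonly swapped in lookalike domains, including the "1" for "l" and
# "I" for "l" trick described above. Sender and trusted domains are folded through
# the same table, so a lookalike ends up identical to the genuine domain.
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s", "3": "e", "8": "b"})


def canonical(domain: str) -> str:
    """Fold a domain so that lookalike spellings collapse onto the genuine domain."""
    d = unicodedata.normalize("NFKD", domain).encode("ascii", "ignore").decode().lower()
    d = d.replace("rn", "m").replace("vv", "w").replace("-", "")
    return d.translate(CONFUSABLES)


def parse_from(from_header: str):
    """Split 'Display Name <user@domain>' into (lower-cased name, lower-cased domain)."""
    m = re.match(r'\s*"?([^"<]*?)"?\s*<([^>]+)>', from_header)
    name, address = (m.group(1), m.group(2)) if m else ("", from_header)
    return name.strip().lower(), address.strip().rsplit("@", 1)[-1].lower()


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike', 'impersonation' or 'unknown' for a From header."""
    name, domain = parse_from(from_header)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    canon = canonical(domain)
    for trusted in TRUSTED_DOMAINS:
        trusted_canon = canonical(trusted)
        # Identical after folding, or the trusted name buried inside a longer host
        # (trusted-domain.com.other-host.net): both are lookalike patterns.
        if canon == trusted_canon or trusted_canon.split(".")[0] in canon:
            return "lookalike"
    # A known executive's display name on an outside address is the "looks like it's
    # from an executive but feels off" case: the name matches, the domain does not.
    if name in EXECUTIVE_NAMES:
        return "impersonation"
    return "unknown"
```

A result of "lookalike" or "impersonation" is a prompt to verify the request over a known phone number, not proof of fraud on its own.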
Common BEC examples
BEC scams come in different shapes and sizes, but they all aim for the same result: gaining your trust fast and tricking you into sharing money or data. But seeing how these attacks play out in real life can make them easier to spot and stop.
Here are some common examples of BEC scams:
- Urgent request from the CEO: An employee receives an email that appears to be from the CEO asking for an immediate wire transfer or gift card purchase for a confidential deal.
- Payroll update scam: HR gets a message from an employee requesting a quick change to direct deposit details. The new bank account belongs to the scammer.
- Man-in-the-middle attack: A hacker secretly intercepts email conversations between two parties, then jumps in at the right moment to alter payment details or redirect funds.
- Vendor invoice fraud: A criminal poses as a trusted supplier and sends updated payment instructions. The next invoice payment goes straight to the attacker.
- AI-powered impersonation: Some attackers now use AI and deepfakes to mimic voices and writing styles. A fake voicemail or convincing email can make the scam feel alarmingly real.
Real-life BEC attack
In early 2024, Microsoft disclosed that a nation-state threat actor gained access to a small number of employee email accounts, including members of senior leadership, cybersecurity, and legal teams. The company detected the activity, removed the attacker’s access, and began working with law enforcement and regulators.
While the incident had no material impact on operations, it highlights how email account compromise can affect even the most security-mature organizations.
Why BEC is dangerous
BEC hits where it hurts your organization most — your money and reputation. A single incident can cause a small business to suffer a loss that disrupts payroll, delays vendor payments, and stalls growth.
Also, stolen employee data or client information can create long-term fallout. You may face legal claims, fines, breach notification costs, and strained partner relationships. On top of that, your team’s time gets pulled into damage control instead of running the business. Customers may think twice before sharing details again.
That’s why having strong BEC prevention measures, like payment verification workflows, secure email filtering, and regular employee training, is important. These practices help employees spot suspicious activity early and prevent cybercrime before one deceptive email turns into a full-blown crisis.
How to prevent BEC attacks
Preventing BEC requires layered email security for small businesses, meaning secure email tools, access controls, and employee training all working together. Clear internal processes also help teams handle sensitive requests, such as payments or data changes, with confidence instead of uncertainty.
To keep BEC attacks at bay in small and medium businesses:
- Create a strict payment verification process: Require dual approval for wire transfers and vendor banking changes. Verify requests using a known phone number instead of the one listed in the email.
- Use multi-factor authentication (MFA): Using MFA on all accounts helps block account takeover attempts, even if passwords are stolen.
- Deploy advanced email filtering and domain protection: Use tools that detect spoofed domains, lookalike addresses, and unusual sending behavior.
- Provide ongoing phishing awareness training: Regular simulations improve real-world phishing protection and reduce impulse responses to urgent requests.
- Monitor for unusual login activity: Use security tools that send alerts when someone signs in from a new device, unfamiliar location, or two distant places within a short time.
- Encrypt sensitive communications: Encrypting emails helps protect payroll data, contracts, and financial records from interception.
- Limit financial access: Only authorized staff should approve payments or change banking details. Fewer hands in the process mean fewer chances for human error and fraud to slip through.
- Review your security stack regularly: Make sure your small business IT essentials, such as a secure email gateway, endpoint protection, backups, and monitoring, are current and properly configured.
What to do if you suspect a BEC attack
If you suspect a BEC attack, immediately pause the transaction, verify the request through a trusted channel, alert your IT or security team, and contact your bank if you have already sent money. Early action can protect your money, your data, and your reputation while strengthening your overall cybersecurity response.
Here are more details on what to do if you suspect a BEC attack:
- Stop all related activity immediately: Pause payments, freeze pending transfers, and prevent any more data from being shared until the situation is resolved.
- Verify the request using a trusted method: Contact the executive, employee, or vendor through a known phone number or internal system. Avoid replying directly to the suspicious email.
- Alert leadership and your IT or security team: Early internal reporting helps contain the issue, check for account compromise, and prevent similar attempts across the company.
- Contact your bank’s fraud department: Quick reporting can improve your chances of stopping or recovering lost funds and protecting your business.
- Secure affected accounts: Reset passwords, enable MFA, and review login history for unusual activity.
- Scan systems and email logs: Look for automatic forwarding rules (settings that secretly forward copies of emails to an outside address), as well as unauthorized access or other signs that the attacker may still be inside your network.
- Document everything: Save emails, timestamps, and transaction details. This supports investigations and insurance claims if needed.
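As an added example (not from the original article), the following Python script runs two of the checks from the lists above, sign-ins from two distant places within a short time and newly created rules that forward mail outside the company, over a handful of constructed audit events in a simplified schema; the company domain, the speed threshold, and the event format are assumptions, not any real product’s log format.

```python
import math
from datetime import datetime

INTERNAL_DOMAIN = "example-corp.com"   # assumed company domain (constructed)
MAX_PLAUSIBLE_KMH = 900                # faster than this between two sign-ins is not travel

# Constructed sample events in a simplified schema, not any real product's log format.
# Sign-ins carry the coordinates of the source IP; inbox-rule events carry the target.
EVENTS = [
    {"type": "signin", "user": "ap@example-corp.com", "time": "2025-03-03T08:00:00", "lat": 40.71, "lon": -74.01},
    {"type": "signin", "user": "ap@example-corp.com", "time": "2025-03-03T09:30:00", "lat": 55.75, "lon": 37.62},
    {"type": "inbox_rule", "user": "ap@example-corp.com", "time": "2025-03-03T09:35:00", "forward_to": "ap.archive@mail-drop.example"},
    {"type": "inbox_rule", "user": "hr@example-corp.com", "time": "2025-03-03T10:00:00", "forward_to": "hr-shared@example-corp.com"},
    {"type": "signin", "user": "hr@example-corp.com", "time": "2025-03-03T10:05:00", "lat": 40.71, "lon": -74.01},
    {"type": "signin", "user": "hr@example-corp.com", "time": "2025-03-03T17:00:00", "lat": 41.88, "lon": -87.63},
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points given in decimal degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def find_alerts(events):
    """Return (alert_type, user, detail) tuples for forwarding to an outside domain and
    for two sign-ins too far apart in space and too close in time for one person."""
    alerts, last_signin = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        if ev["type"] == "inbox_rule":
            # A rule forwarding to an outside address is the "secret copy" setting described above.
            target_domain = ev["forward_to"].rsplit("@", 1)[-1].lower()
            if target_domain != INTERNAL_DOMAIN:
                alerts.append(("external_forwarding", ev["user"], ev["forward_to"]))
        elif ev["type"] == "signin":
            prev = last_signin.get(ev["user"])
            if prev is not None:
                hours = (t - prev[0]).total_seconds() / 3600
                km = haversine_km(prev[1], prev[2], ev["lat"], ev["lon"])
                # Two different places in the same second is also impossible travel.
                if (hours == 0 and km > 0) or (hours > 0 and km / hours > MAX_PLAUSIBLE_KMH):
                    alerts.append(("impossible_travel", ev["user"], round(km)))
            last_signin[ev["user"]] = (t, ev["lat"], ev["lon"])
    return alerts
```

In the constructed data the accounts-payable mailbox trips both checks within minutes, the pattern an account takeover leaves behind, while the HR account’s internal forwarding rule and slow cross-country sign-ins stay quiet.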
Add an extra layer of security to your business
Business email compromise attacks are built on deception. Norton Small Business helps you combat the threat with powerful, easy-to-manage protection designed for growing teams. From device security to financial monitoring, Norton helps reduce the risk of account takeovers and suspicious financial activity.
With simple setup and centralized controls, Norton adds smart protection without slowing your team down. That means fewer weaknesses, stronger defenses, and more confidence in every email your business sends and receives.
FAQs
What is the most common BEC example?
One of the most common examples of BEC is the CEO fraud scam. An employee receives an urgent email that appears to be from the company’s CEO asking for a wire transfer or gift card purchase. The pressure to act fast is what makes it effective.
How does BEC impact cybersecurity?
BEC exposes gaps in email controls, identity protection, and internal processes. A successful attack can result in financial losses, data breaches, and damaged trust. It also shows why strong monitoring and access controls are essential parts of any cybersecurity plan.
What tools can my business use for BEC detection?
You can use secure email gateways, MFA, domain monitoring, and behavior-based threat detection tools. Solutions like Norton Small Business can also help strengthen visibility and protection across devices and accounts. Not to mention, employee training and clear payment verification processes play a key role in catching suspicious activity early.
What is a different name used for business email compromise?
Business email compromise, also known as email account compromise (EAC), is a form of cybercrime. Under this umbrella, you’ll find specific scam types such as CEO fraud, vendor invoice fraud, and payroll diversion scams, each using a different angle to trick you into sending money or data.
Editors' note: Our articles offer educational information and are written to raise awareness about important topics in Cyber Safety. Norton products and services may not protect against every type of threat, fraud, or crime we write about. For more details about how we research, write, and review our articles, see our Editorial Policy.