← All glossary terms Glossary

What is Business Email Compromise (BEC)?

A scam where attackers take over or impersonate a business email account to redirect payments or steal sensitive information.

Business Email Compromise (BEC) is one of the most financially damaging categories of cybercrime — and it usually does not involve malware. The pattern: an attacker steals or impersonates a legitimate email account (often through phishing or MFA bypass), studies the inbox, then inserts themselves into a real financial conversation — changing wire instructions, redirecting invoices, or requesting urgent transfers. Detection requires monitoring inbox-rule changes, suspicious sign-ins, and the conversational patterns that indicate an attacker has taken over a mailbox.

  • Usually involves no malware — it's account takeover and impersonation.
  • Targets money: redirected wires, altered invoices, urgent transfer requests.
  • Detected through inbox-rule changes, anomalous sign-ins, and conversation patterns.

En français

Compromission de la messagerie d'affaires (BEC)

Une fraude où des attaquants prennent le contrôle d'un compte courriel d'affaires ou l'usurpent pour détourner des paiements ou voler des renseignements.

La compromission de la messagerie d'affaires (BEC) est l'une des catégories de cybercriminalité les plus coûteuses — et elle n'implique généralement pas de maliciel. Le scénario : un attaquant vole ou usurpe un compte courriel légitime (souvent par hameçonnage ou contournement de l'AMF), étudie la boîte de réception, puis s'insère dans une véritable conversation financière — modifiant des instructions de virement, détournant des factures ou exigeant des transferts urgents. La détection exige la surveillance des modifications de règles de boîte de réception, des connexions suspectes et des schémas de conversation qui trahissent une prise de contrôle.

Business Email Compromise (BEC): frequently asked questions

How is BEC different from phishing?

Phishing is the broad tactic of fraudulent messages. BEC is a specific, high-value outcome where an attacker takes over or impersonates a business account to redirect payments — often using phishing as the way in.

How can I prevent business email compromise?

Enforce MFA, require a verification step for any payment or banking change, monitor for suspicious inbox rules and logins, and train finance staff on the pattern. Fast detection of account takeover is the backstop.

Want to talk through how this fits your environment?

Book a no-obligation consultation and we'll explain how this plays out for an organization like yours.

Talk to our team