Business Email Compromise
Attackers impersonate executives to trick employees into transferring funds.
Severity: HighPrevalence: CommonLast Updated: 2026-02-10
Channels
Target Audiences
How It Works
Scammers spoof or hack executive email accounts to send urgent requests to employees, typically in finance or accounting departments. The email appears to come from the CEO, CFO, or another senior executive, requesting an urgent wire transfer to a new vendor or account. The scammer often does research on the company to make the email convincing, referencing real projects or business relationships. Because the request appears to come from a high-level authority figure, employees may bypass normal verification procedures. The funds are quickly transferred to accounts controlled by the scammers and laundered.
Red Flags
- Urgent financial requests from executives that bypass normal approval workflows.
- Requests for secrecy – "Keep this between us" or "Don't discuss with anyone until the deal closes."
- Slightly altered email domains – the sender address may look almost identical to the real one but with a subtle difference (e.g., @company-inc.com vs @companyinc.com).
Protect Yourself
- Verify payment requests verbally – always call the executive directly (on their known number, not from the email) to confirm any unusual transfer request.
- Implement dual approval policies for all wire transfers above a certain threshold.
- Train employees regularly on BEC tactics and establish clear protocols for financial requests.
Visual Examples
What To Do If You've Been Scammed
- Stop the transfer immediately – contact your bank as fast as possible to halt or reverse the wire.
- Contact your bank's fraud department and provide all details of the fraudulent request.
- Report the incident to law enforcement and your IT/security team for investigation.