Business Email Compromise (BEC)

Targeted phishing aimed at corporate finance teams to redirect wire transfers or invoice payments.

BEC is the most expensive scam category in the world — billions per year, per FBI IC3. The attacker impersonates a CEO, CFO, or vendor and asks finance to wire money or change banking details on an invoice.

Unlike volume phishing, BEC often involves no malicious link at all. The whole attack is psychological — a believable-looking email with the right names, the right tone, and a plausible reason for urgency.

Defense: out-of-band verification on any payment-related instruction, mandatory dual-control for new payee setup, and DMARC enforcement on your own domain.

Related terms

Spear phishing

Targeted phishing aimed at a specific person or organization, often using personal information gathered beforehand.

Phishing

Fraudulent attempt to steal credentials or money by impersonating a trusted entity, usually via email or a fake website.

Got a URL you're unsure about?

Paste it into our free scanner — verdict in seconds, 10+ threat-intel sources.

Scan a URL →