Business email compromise (BEC) is fraud that abuses trusted email relationships—often without malware. Attackers impersonate executives, vendors, or employees to redirect payments or steal sensitive data.
Typical patterns
- Vendor bank detail “update” requests
- CEO/CFO urgent wire instructions
- Compromised real mailbox used to continue a thread
- Payroll diversion for new hires or direct deposit changes
Controls that reduce BEC
- Out-of-band verification for any payment destination change (phone call to a known number)
- MFA on all mailboxes; monitor for forwarding rules
- Dual control for wires above a threshold
- Staff training focused on finance workflows—not generic “don’t click links” only
Want this applied to your environment?
Book a free 15-minute review. For a structured baseline, ImpetraInsights™ delivers multi-framework scoring and an executive-ready report.