Business Email Compromise (BEC)

Business Email Compromise is where scams become industrial-scale crime. Unlike consumer scams that might steal hundreds or thousands, BEC routinely steals hundreds of thousands to millions from a single target.

The research: Scammers identify targets through LinkedIn, company websites, and public records. They map organizational structures, identify CFOs and accounts payable staff, and understand how the company handles payments.

The access: Scammers compromise email accounts — either the executive's (via phishing) or a lookalike domain (microsoftt.com instead of microsoft.com). Sometimes they compromise a vendor the target company works with, then redirect legitimate invoices.

The five main BEC variants:

1. CEO fraud: The CFO receives an email 'from the CEO' requesting an urgent wire transfer, often for a 'confidential acquisition' or 'urgent business need.' The CEO is conveniently in a meeting and can't be called directly.

2. Vendor impersonation: The scammer compromises a supplier's email and sends a legitimate-looking invoice with updated payment details pointing to the scammer's account.

3. Attorney impersonation: An email claims to be from outside counsel handling a sensitive matter, urging wire transfer for legal fees or settlement.

4. Payroll diversion: HR receives an email 'from an employee' asking to update their direct deposit account — rerouting their paycheck to the scammer.

5. Data theft: Scammers request W-2 forms, customer lists, or financial records (not money, but valuable data for future fraud).

The AI evolution: In 2026, BEC is supercharged by AI. Scammers use voice cloning to make follow-up phone calls that sound exactly like the real executive. They use AI to generate contextual emails that reference real company events scraped from LinkedIn and press releases.