A sophisticated scam targeting businesses where criminals compromise or impersonate legitimate business email accounts to authorize fraudulent wire transfers, divert payroll, or steal sensitive data.
BEC is the most financially devastating type of cybercrime, with the FBI reporting over $2.7 billion in losses in the US alone in 2022. Unlike mass phishing, BEC attacks are carefully researched and targeted, often involving surveillance of a company's email systems before striking.
Attackers may gain access to a real executive's email through phishing or credential theft, then use that legitimate account to send fraudulent instructions. Alternatively, they may use lookalike domains (e.g., company-inc.com instead of companyinc.com) to send convincing emails.
BEC attacks target the people who handle money: accounts payable clerks, finance directors, and HR staff. Common tactics include fake CEO requests for urgent wire transfers, fraudulent vendor invoices with updated bank details, and payroll diversion requests.
In 2019, Toyota Boshoku Corporation, a Toyota subsidiary, lost $37 million to a BEC attack. Scammers impersonated a business partner and convinced a finance executive to change wire transfer payment details. The money was sent to the attacker's account, and most could not be recovered.