What is business email compromise?
Business email compromise, often called BEC, happens when an attacker uses, compromises, or imitates a trusted email account to trick people into sending money, changing banking details, or sharing information.
Simple example
An attacker gains access to a supplier mailbox and sends a convincing request to update banking details before the next invoice is paid.
Why it matters
BEC can lead directly to financial loss and can damage trust between clients, suppliers, and staff.
Common warning signs
- The activity is unexpected or unusual for the business context.
- The request or system behaviour creates pressure to act quickly.
- Normal approval, verification, or security processes are bypassed.
- There are signs of unauthorised access, data exposure, or system change.
- Staff are unsure whether the request, message, or system behaviour is legitimate.
Cyber Doc view
This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.
What to do
Proactive steps
- Use MFA on all email accounts.
- Verify banking detail changes using contact details you already hold, not those supplied in the request.
- Use payment approval processes that do not rely only on email.
- Monitor for mailbox forwarding rules and suspicious sign-ins.
- Train staff to challenge urgent financial requests.
Reactive steps
- Contact the bank immediately if money was transferred.
- Preserve email evidence and transaction details.
- Check affected mailboxes for forwarding rules and suspicious login history.
- Reset passwords and MFA for affected accounts.
- Notify impacted clients or suppliers where appropriate.
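As an added example (not part of the Cyber Doc entry), a small Python check that applies the forwarding-rule and sign-in monitoring from the proactive and reactive steps above to a constructed set of mailbox audit events; the JSON field names, the internal domain and the sample values are assumptions, not any real mail platform's log format.

```python
import json

# Domains the organisation owns (assumption); any other domain is external.
INTERNAL_DOMAINS = {"example.com"}
FINANCE_WORDS = {"invoice", "payment", "bank", "remittance", "wire"}

# Constructed sample audit events, one JSON object per line. The field names
# are a simplified schema of our own, not any vendor's audit log format.
SAMPLE_LOG = """\
{"ts":"2024-05-01T08:02:00Z","user":"ap@example.com","type":"signin","country":"GB","mfa":true}
{"ts":"2024-05-01T22:47:00Z","user":"ap@example.com","type":"signin","country":"NG","mfa":false}
{"ts":"2024-05-01T22:51:00Z","user":"ap@example.com","type":"inbox_rule","name":".","forward_to":"x@mail.example","delete":true,"keywords":["invoice","payment"]}
{"ts":"2024-05-02T09:10:00Z","user":"hr@example.com","type":"inbox_rule","name":"Newsletters","forward_to":"","delete":false,"keywords":["newsletter"]}
"""

def check_rule(ev):
    """Reasons an inbox rule looks like BEC tradecraft (empty list if benign)."""
    reasons, fwd = [], ev.get("forward_to", "")
    if fwd and fwd.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS:
        reasons.append("forwards mail to an external address")
    if ev.get("delete"):
        reasons.append("deletes messages, hiding them from the mailbox owner")
    if len(ev.get("name", "").strip()) <= 1:
        reasons.append("rule name is blank or a single character")
    if FINANCE_WORDS & {k.lower() for k in ev.get("keywords", [])}:
        reasons.append("filters on finance-related keywords")
    return reasons

def check_signin(ev, baseline):
    """Flag a sign-in without MFA, or from a country this user has not used before."""
    reasons = []
    if baseline and ev["country"] not in baseline:
        reasons.append(f"sign-in from new country {ev['country']}")
    if not ev.get("mfa"):
        reasons.append("sign-in completed without MFA")
    return reasons

def analyse(log_text):
    """Walk events in time order; return {user: ["<ts>: <reason>", ...]}."""
    events = sorted(map(json.loads, log_text.splitlines()), key=lambda e: e["ts"])
    baseline, findings = {}, {}   # per-user countries seen so far; results
    for ev in events:
        user, reasons = ev["user"], []
        if ev["type"] == "signin":
            reasons = check_signin(ev, baseline.setdefault(user, set()))
            baseline[user].add(ev["country"])   # earlier sign-ins form the baseline
        elif ev["type"] == "inbox_rule":
            reasons = check_rule(ev)
        findings.setdefault(user, []).extend(f"{ev['ts']}: {r}" for r in reasons)
    return {u: f for u, f in findings.items() if f}
```

Calling analyse(SAMPLE_LOG) reports only the accounts-payable mailbox: a non-MFA sign-in from a country not seen before, followed minutes later by a one-character rule that forwards finance-related mail externally and deletes it.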
Related terms
- Phishing
- Invoice fraud
- Credential theft