Business Email Compromise (BEC)
A social engineering attack that impersonates executives or vendors to authorize fraudulent transactions.
Full Definition
Business Email Compromise (BEC) is a sophisticated email-based scam that targets organizations with the goal of financial fraud or data theft. Attackers impersonate executives, vendors, or business partners — either by compromising a real email account or by spoofing one — and use this position of trust to convince employees to wire funds, share credentials, or redirect payroll.
BEC attacks often begin with reconnaissance: attackers gather information about the target organization from LinkedIn, company websites, and leaked data to craft highly convincing scenarios. Common pretexts include CEO fraud (urging urgent wire transfers), invoice manipulation (changing vendor payment details), and payroll diversion.
The FBI has reported BEC as one of the most financially damaging cybercrime categories globally. Leaked employee email addresses and professional profiles from data breaches significantly lower the barrier for highly targeted BEC attacks.
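The spoofing side of the impersonation described above can be triaged from message headers. The following is an added example, not part of the original glossary entry: a header-and-keyword check covering the three pretexts named. The domain `example.com`, the executive name, the keyword lists and the sample message are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical, not from the page): protected domain and executive roster.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"dana reyes"}
# Keyword lists are illustrative, keyed by the pretexts the definition names.
PRETEXT_TERMS = {
    "ceo_fraud": ("wire transfer", "wire funds"),
    "invoice_manipulation": ("payment details", "bank details", "new account"),
    "payroll_diversion": ("direct deposit", "payroll"),
}

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_signals(raw):
    """Return the BEC indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signals = []
    if name.lower() in EXECUTIVES and domain != ORG_DOMAIN:
        signals.append("exec_display_name_external_sender")
    if 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
        signals.append("lookalike_domain")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != domain:
        signals.append("reply_to_domain_mismatch")
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    for pretext, terms in PRETEXT_TERMS.items():
        if any(term in text for term in terms):
            signals.append("pretext:" + pretext)
    return signals

# Constructed sample message (not real traffic).
SAMPLE = """\
From: Dana Reyes <dana.reyes@examp1e.com>
Reply-To: dana.reyes.office@mailbox.test
Subject: Urgent wire transfer today

Please process the wire transfer before noon and keep this confidential.
"""
print(bec_signals(SAMPLE))
```

A message sent from a genuinely compromised internal account passes all three header checks, so only the pretext keywords would fire; that case needs out-of-band verification of the payment or payroll change.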
Related Terms
Spear Phishing
A targeted phishing attack customized with personal details to deceive a specific individual or organization.
Attack Types
Social Engineering
Psychological manipulation of people into performing actions or divulging confidential information.
Attack Types
Phishing
A social engineering attack using deceptive emails or messages to steal credentials or deliver malware.
Attack Types
Account Takeover (ATO)
Unauthorized access to a user account by exploiting stolen credentials.
Attack Types