Cybersecurity Glossary

What is BEC (Business Email Compromise)?

Business Email Compromise (BEC) is a targeted email fraud technique where attackers impersonate executives, vendors, or trusted partners to trick employees into wiring money, changing payment details, or sharing sensitive data. BEC is the costliest category of cybercrime by losses.

How It Works

How BEC works

Three-step view of how it operates in practice.

1. Research

Attackers identify the target — usually finance, HR, or executive assistants. They study public information, prior emails, and vendor relationships.

2. Impersonate

The attacker spoofs a known sender (CEO, CFO, vendor AP contact) or compromises a real mailbox and sends from it directly.

3. Request

A plausible request arrives: wire a payment, update vendor banking details, buy gift cards, send a payroll file. The sense of urgency and the familiar, legitimate-sounding voice bypass normal checks.
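The impersonation and request steps above leave traces in the message itself. As an added example that is not part of the original page, this Python check (the company domain, executive list, keyword lists and sample message are all hypothetical and constructed here) flags four of those traces: a known executive's display name on another address, a lookalike sender domain, a Reply-To that steers replies elsewhere, and an urgent payment or banking-change request.

```python
import email
import re
from email.utils import parseaddr

# Hypothetical company data for this example; a real deployment would load it from a directory.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # display name -> legitimate mailbox
PAYMENT = re.compile(r"\b(wire|bank(?:ing)? details|gift cards?|payroll|w-2|invoice)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|asap|today|confidential)\b", re.I)
LOOKALIKE = str.maketrans({"1": "l", "0": "o", "-": ""})  # cheap domain-spoofing edits

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def body_text(msg):
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload(decode=True).decode(errors="replace")
                     for p in parts if p.get_content_type() == "text/plain")

def bec_indicators(raw):
    """Return the BEC warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    findings = []
    # 1. Display-name impersonation: a known executive's name on some other address.
    real = EXECUTIVES.get(name.strip().lower())
    if real and addr.lower() != real:
        findings.append(f"display name '{name}' sent from {addr}, expected {real}")
    # 2. Lookalike domain: not ours, but equal to ours once cheap substitutions are undone.
    if from_dom != COMPANY_DOMAIN and from_dom.translate(LOOKALIKE) == COMPANY_DOMAIN:
        findings.append(f"lookalike sender domain {from_dom}")
    # 3. Reply-To steering replies to a different domain than the visible From.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        findings.append(f"reply-to domain {domain_of(reply)} differs from {from_dom}")
    # 4. A payment or banking-change request paired with urgency language.
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    if PAYMENT.search(text) and URGENCY.search(text):
        findings.append("urgent payment/banking request; verify out-of-band before acting")
    return findings

# Constructed sample (not a real incident) that shows all four signs at once.
SAMPLE = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: Jane Doe <jane.office@webmail.example>
To: ap@example.com
Subject: Urgent wire today

Please process this wire immediately. Our vendor changed their bank details.
"""
```

Any non-empty result is a reason to route the message to the out-of-band verification step rather than a reason to reject it outright; a legitimate vendor can still trip the keyword check.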

BEC Variants

Common BEC patterns

A clear breakdown of the common variants.

Patterns

CEO fraud (most common)

Attacker impersonates the CEO asking finance to urgently wire funds.

Vendor invoice fraud

Attorney impersonation

W-2 / payroll fraud

Why It Matters

Why BEC matters for SMBs


$2.9 billion
in reported BEC losses in 2023 — the largest cybercrime category by dollars lost
Source: FBI Internet Crime Report, 2023
Pitfalls

Common BEC mistakes

  • Treating email as authoritative: Any payment change or unusual wire must be verified by voice on a known-good number, not the number in the email.
  • No out-of-band verification policy: Admins, finance, and anyone with access to money or sensitive data should use an app or hardware key, never SMS alone.
  • Weak banking detail change process: A documented, multi-step process for vendor bank changes prevents many BEC variants.
  • Skipping executive mailbox protection: CEO and CFO mailboxes are prime targets. Enforce the strictest controls (phishing-resistant MFA, conditional access) on these accounts.
Common Questions

BEC frequently asked questions

Usually yes, but with sub-limits, social-engineering riders, and strict control requirements. Review your policy: many have a separate, lower cap for social engineering fraud than for computer fraud.
The best tools catch 90%+ of impersonation attempts before delivery. The remaining 10% needs employee training, out-of-band verification, and process controls.
If the wire has gone out, contact your bank IMMEDIATELY — funds can sometimes be recalled within 72 hours. Report to the FBI’s IC3 (ic3.gov). Preserve email headers for investigation.
Yes — SMBs with fewer controls and less scrutiny are often easier targets than enterprises. BEC isn’t a big-company problem.
Have a documented recovery process before it happens. Typically an administrator verifies the user's identity through an out-of-band channel, temporarily disables MFA, and re-enrolls the user with a new device. Backup codes or a secondary security key reduce downtime.
Identity & Access

Is your wire-transfer process BEC-resistant?

Talk to a LogicalNet identity expert. We will review your current environment, recommend the right MFA methods for each group of users, and help you deploy without disrupting the business.

No commitment · Local engineers · Response within 1 business day