Business Email Compromise (BEC)

Business email compromise (BEC) is a specific type of phishing attack, a spear phishing attack to be precise – with the objective being to trick employees into taking harmful actions, typically sending money to the attacker. BEC is one of the most damaging and expensive types of phishing attacks in existence, costing businesses billions of dollars each year.

Request a Demo

How Business Email Compromise (BEC) Works

Rather than using a very general pretext designed to fool a large number of users, this particular attack is targeted directly at an individual or small group.


A BEC attack relies upon the ability to look like someone with power within a company or a trusted external partner. An attacker can accomplish this in a few different ways, including:


  • Domain Spoofing: Email address verification is not built into the email protocol (SMTP) by default. This means that an attacker can fake the display name and sender address of an email to make it look like it came from inside the company or a trusted vendor. SMTP allows the sender to define a different address to send replies to, ensuring that they receive any responses.
  • Lookalike Domains: Lookalike domains are designed to take advantage of characters that can be easily confused. For example, the domains and look similar enough that they could fool someone not paying attention.
  • Compromised Accounts: If an attacker has access to a legitimate account, they can use it in a BEC attack. This adds a level of authenticity because the email is actually coming from a trusted address.


A BEC attack takes advantage of a seemingly-legitimate email address to trick the recipient into taking a certain action. The most common goal of a BEC attack is to convince the target to send money to the attacker while believing that they are performing a legitimate, authorized business transaction.

Types of Business Email Compromise (BEC) Attacks

According to the FBI, there are five primary types of BEC attacks, including:


  • False Invoice Scam: In this attack, the phisher pretends to be a vendor requesting payment for services performed for the company. Often, this type of attack will masquerade as one of an organization’s actual suppliers and use a realistic template but change the bank account information to an account controlled by the attackers.
  • CEO Fraud: CEO fraud takes advantage of power dynamics within a company. The attacker will send an email – supposedly from the CEO – instructing the recipient to take some action. This may be to make a wire transfer to “close a business deal” or sending sensitive information to a partner.
  • Account Compromise: An account compromise BEC attack takes advantage of a compromised email account within an organization. With this access, the attacker can request invoice payments from customers while changing the payment details to those of the attacker.
  • Attorney Impersonation: This type of attack takes advantage of the fact that low-level employees within an organization are likely to comply with requests from a lawyer or legal representative because they don’t know how to validate the request. This approach often makes the request seem time-sensitive and confidential to prevent independent verification.
  • Data Theft: BEC attacks are not only designed to steal money from a company. This type of attack targets HR and Finance personnel and attempts to steal sensitive information about an organization’s employees. This information can then be sold on the Dark Web or used in planning and executing future attacks.

How to Protect Against BEC Attacks

A successful BEC attack can be extremely costly and damaging to an organization. However, these attacks can be defeated by taking a few simple email security precautions, including:


  • Anti-Phishing Protections: Since BEC emails are a type of phishing, deploying anti-phishing solutions are essential to protecting against them. An anti-phishing solution should be capable of identifying the red flags of BEC emails (like reply-to addresses that don’t match sender addresses) and use machine learning to analyze email language for indications of an attack.
  • Employee Education: BEC attacks target an organization’s employees, making email security awareness training vital for cybersecurity. Training employees on how to identify and respond to a BEC attack is essential to minimizing the threat of this form of phishing.
  • Separation of Duties: BEC attacks try to trick employees into taking a high-risk action (like sending money or sensitive information) without verifying the request. Implementing policies for these actions that requires independent verification from a second employee can help to decrease the probability of a successful attack.
  • Labeling External Emails: BEC attacks commonly try to impersonate internal email addresses using domain spoofing or lookalike domains. Configuring email programs to label emails coming from outside of the company as external can help to defeat this tactic.


Check Point Harmony Email & Office provides protection against BEC attacks and data loss prevention. To see Harmony Email & Office in action, you’re welcome to schedule a free demo.

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.