Business email compromise (BEC) is email-driven fraud where an attacker impersonates an executive, vendor, customer, or employee to redirect payments, steal gift cards, or gain access.
BEC often uses real email threads, lookalike domains, or compromised mailboxes, which makes it look legitimate.
Why it matters for account recovery
BEC belongs in a recovery and prevention vocabulary because the fix is usually procedural: verification policies, approval steps, and identity controls, not only spam filters.
When BEC succeeds, losses can be hard to reverse. Fast containment and clear payment verification rules reduce damage.
Common failure modes and misconceptions
- Approving payment changes via email: Email alone is not a verification channel. Attackers target invoice workflows because they are time-sensitive.
- Assuming internal threads are safe: Thread hijacking and compromised accounts can make a request look familiar.
- Weak email authentication posture: Domain impersonation becomes easier when spoofing controls are incomplete.
Safe best practices
- Require out-of-band verification for bank detail changes, invoices, and new payees.
- Train staff on phishing variants and pressure patterns.
- Harden email accounts against account takeover, and review OAuth app grants on mailboxes, since attackers use them to keep access after a password reset.
- Implement SPF and DKIM at the domain level (see SPF and DKIM).
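The following Python script is an added example, not code from the original page or from any product it refers to. It ties the failure modes above (lookalike domains, hijacked threads, weak authentication posture) to the best practices: it grades SPF and DMARC TXT records as weak or strict, reads a message's Authentication-Results header, flags sender domains that closely resemble a known vendor, and flags payment-change language that should force out-of-band verification. Every domain, DNS record and message in it is constructed sample data; `KNOWN_VENDOR_DOMAINS`, the keyword patterns and the `triage` function are assumptions for illustration, not a standard.

```python
"""BEC triage helper (added example; all data below is constructed)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed: domains of vendors we actually pay.
KNOWN_VENDOR_DOMAINS = {"acme-supplies.example", "northwind.example"}

# Constructed: phrases that typically precede a payee or bank-detail change.
PAYMENT_CHANGE_PATTERNS = [
    r"\b(new|updated?|change[ds]?)\b.{0,40}\b(bank|account|routing|iban|wire)\b",
    r"\bgift cards?\b",
    r"\burgent(ly)?\b.{0,40}\b(wire|transfer|payment)\b",
]


def spf_posture(txt_record):
    """Classify an SPF record by its catch-all mechanism.
    '+all' or '?all' lets any host send as the domain; '-all' is strict."""
    if not txt_record.startswith("v=spf1"):
        return "missing"
    m = re.search(r"(?:^|\s)([-~+?]?)all\b", txt_record)
    if not m:
        return "no-all"  # no terminal mechanism, effectively neutral
    qualifier = m.group(1) or "+"
    return {"-": "strict", "~": "softfail", "+": "open", "?": "neutral"}[qualifier]


def dmarc_policy(txt_record):
    """Return the DMARC 'p=' policy; 'none' only monitors, 'reject' blocks spoofs."""
    if not txt_record.startswith("v=DMARC1"):
        return "missing"
    m = re.search(r"\bp=(none|quarantine|reject)", txt_record)
    return m.group(1) if m else "missing"


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, known):
    """Return the known vendor domain this sender domain resembles, or None."""
    if domain in known:
        return None
    for k in known:
        if edit_distance(domain, k) <= 2:
            return k
    return None


def auth_results(msg):
    """Pull spf/dkim/dmarc verdicts out of Authentication-Results."""
    found = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    return {k: found.get(k, "none") for k in ("spf", "dkim", "dmarc")}


def triage(raw_message):
    """Return a list of findings; an empty list means no BEC indicator fired."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    findings = []
    look = lookalike_of(domain, KNOWN_VENDOR_DOMAINS)
    if look:
        findings.append(f"lookalike-domain:{domain}~{look}")
    if auth_results(msg)["dmarc"] != "pass":
        findings.append(f"dmarc:{auth_results(msg)['dmarc']}")
    if any(re.search(p, body, re.I) for p in PAYMENT_CHANGE_PATTERNS):
        findings.append("payment-change-request")
    return findings


# Constructed sample: lookalike domain (capital I for l) that passes its own DMARC.
SAMPLE_LOOKALIKE = (
    "From: Dana Ortiz <dana@acme-suppIies.example>\n"
    "Subject: RE: PO 4471 - updated remittance details\n"
    "Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=acme-suppIies.example;"
    " dkim=pass header.d=acme-suppIies.example; dmarc=pass\n\n"
    "Hi, we have changed banks. Please use the new account on the attached invoice.\n"
)
# Constructed sample: spoof of a real vendor domain that fails authentication.
SAMPLE_SPOOFED = (
    "From: ceo@northwind.example\nSubject: quick favour\n"
    "Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=northwind.example;"
    " dkim=none; dmarc=fail header.from=northwind.example\n\n"
    "I need you to buy gift cards for the team today, urgently.\n"
)
# Constructed sample: ordinary vendor mail with nothing to flag.
SAMPLE_LEGIT = (
    "From: billing@northwind.example\nSubject: March invoice\n"
    "Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass\n\n"
    "Attached is the invoice for March. Thanks.\n"
)

if __name__ == "__main__":
    print(spf_posture("v=spf1 include:_spf.example.net +all"), dmarc_policy("v=DMARC1; p=none"))
    for sample in (SAMPLE_LOOKALIKE, SAMPLE_SPOOFED, SAMPLE_LEGIT):
        print(triage(sample))
```

The lookalike sample is the instructive case: SPF, DKIM and DMARC all pass, because the attacker controls that domain and set its records up correctly, so authentication results alone never clear a payment change. The spoof of a real domain is caught by the DMARC verdict, which only exists because the vendor publishes a policy; a `p=none` or `+all` posture on your own domain is what leaves it open to the same trick.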
BEC is a process problem. If money and access changes require a second channel and a second approver, the attacker loses their leverage.
