Business Email Compromise (BEC)

Business email compromise (BEC) is a type of email scam where cybercriminals scam organizations through social engineering techniques. BEC is also referred to as email account compromise (EAC) or ‘man-in-the-email’ scamming.

How Does Business Email Compromise Work?

Cybercriminals usually carry out BEC scams by directly hacking an employee's email account, e.g. with a keylogger, or by undertaking a social engineering scheme, like spear phishing, to pose as an employee.

The cybercriminal impersonates the legitimate business email account holder in their email correspondence to lure unsuspecting employees into compromising sensitive data

How Do You Prevent Business Email Compromise?

There are a number of techniques organizations can use to help prevent BEC, such as:

Key takeaways

  • Check icon
    BEC is currently the #1 digital crime in terms of financial loss.
  • Check icon
    Cybercriminals can either hack accounts directly or use spoofed email addresses to conduct BEC scams.
  • Check icon
    Organizations should contact their financial provider immediately if any fraudulent transactions occur.
  • Check icon
  • Check icon
Reviewed by
No items found.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

See UpGuard In Action

Book a free, personalized onboarding call with one of our cybersecurity experts.

More from our blog

Learn more about the latest issues in cybersecurity.
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating