Business Email Compromise
Also known as: BEC, Email account compromise (EAC)
Definition
A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.
Examples
- A finance clerk receives a forged "CEO" email asking for a same-day wire to a new supplier account.
- A supplier's hijacked mailbox sends a real invoice with updated bank details that route payment to the attacker.
Related terms
CEO Fraud
A subtype of business email compromise in which an attacker impersonates a senior executive to pressure an employee into performing an unauthorised wire transfer or sensitive action.
Email Spoofing
Forging email headers so a message appears to come from a trusted sender, typically to enable phishing, fraud, or malware delivery.
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
Spear Phishing
A targeted phishing attack tailored to a specific individual or organization using personal or professional details collected in advance.
Invoice Fraud
A fraud in which attackers submit fake invoices, or alter genuine ones, so that payment is routed to attacker-controlled bank accounts.
Social Engineering
The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.