
Business Email Compromise: The Scam That Doesn't Look Like a Scam

Laptop screen displaying an email inbox with a prominent "Urgent Payment Request" scam message highlighted in red, indicating a potential phishing attempt amidst other unread emails.


Business Email Compromise — most people in fraud operations call it BEC — doesn't announce itself. It doesn't look like a suspicious email from a stranger.


  • It looks like a message from your vendor.

  • Or your boss.

  • Or your accountant.


That's the entire point.


The FBI has called BEC the costliest form of cybercrime in the country for years running. In 2024, it accounted for over $2.7 billion in adjusted losses reported to the IC3. And unlike ransomware or a data breach, BEC doesn't require any sophisticated malware. It just requires trust — and a little pressure.


Here's how it typically plays out for a small business. You get an email that appears to be from a vendor you've worked with for months. The email says they've updated their banking information and asks you to send your next payment to a new account. Everything looks right — the name, the email signature, even the wording. You process the payment. A week later, the real vendor calls asking why they haven't been paid.


Or you get an email that appears to be from your own email account — or from a manager — asking you to buy gift cards urgently for a client. The tone is familiar. The request seems odd but not impossible. You act before you think.


As of 2026, AI is making these attacks worse. Fraudsters are now using AI tools to mimic writing styles, generate contextually accurate follow-ups inside existing email threads, and even clone voices for phone follow-ups that reinforce the fraudulent request. BEC attacks were up 15% in 2025 compared to the year before.


What to watch for:

  • Any email requesting a change to payment instructions or banking information — always verify by calling the vendor directly on a number you already have on file, never the number in the email

  • Urgency + secrecy in the same message — "Don't mention this to anyone, we need this done today" is a red flag pattern

  • Email addresses that look right but aren't — fraudsters register domains that are one letter off from the real thing

  • Requests that skip your normal approval process — real vendors and real managers work within the process
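
Some of the warning signs in the list above can be pre-screened automatically. The following is an added example, not part of the original article: it flags sender domains that are one edit away from a vendor domain already on file, requests to change payment details, and urgency paired with secrecy. The vendor domains, keyword patterns and sample message are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumption: vendor domains already on file (constructed sample values).
KNOWN_VENDOR_DOMAINS = {"acme-supplies.example", "northwind-freight.example"}
# Assumption: illustrative keyword patterns; tune them to your own mail.
PAYMENT_CHANGE = re.compile(
    r"(bank(ing)?|account|wire|routing|payment)\s+(info\w*|details|instructions|number)", re.I)
URGENCY = re.compile(r"\b(urgent(ly)?|today|immediately|asap|right away)\b", re.I)
SECRECY = re.compile(r"don'?t (mention|tell)|keep this (quiet|confidential|between us)", re.I)

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap adjacent letters) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def lookalike_of(domain, known=KNOWN_VENDOR_DOMAINS, max_dist=1):
    """Return the on-file domain that `domain` imitates, else None (exact match is fine)."""
    domain = domain.lower().rstrip(".")
    if not domain or domain in known:
        return None
    return next((k for k in sorted(known) if edit_distance(domain, k) <= max_dist), None)

def triage(from_header, body):
    """Return the warning signs found in one message, in a fixed order."""
    flags = []
    hit = lookalike_of(parseaddr(from_header)[1].rpartition("@")[2])
    if hit:
        flags.append(f"lookalike-domain:{hit}")
    if PAYMENT_CHANGE.search(body):
        flags.append("payment-change-request")
    if URGENCY.search(body) and SECRECY.search(body):
        flags.append("urgency+secrecy")
    return flags

# Constructed sample: the sender domain swaps two letters of a vendor on file.
SAMPLE_FROM = "Acme Billing <billing@acme-suppiles.example>"
SAMPLE_BODY = ("We have updated our banking information. Please send the next payment "
               "to the new account today. Don't mention this to anyone.")

if __name__ == "__main__":
    print(triage(SAMPLE_FROM, SAMPLE_BODY))
```

A flagged message is a prompt to verify by phone using the number on file; an empty result does not mean the message is genuine, since mail sent from a vendor's real but compromised mailbox passes the domain check.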


If you receive a payment change request you weren't expecting, that moment of hesitation you're feeling is your signal.


  1. Pause.

  2. Pick up the phone.

  3. Verify through a channel that existed before the email arrived.


No legitimate business will ever be upset that you called to confirm before moving money.



Sources: FBI IC3 2024 Annual Report — ic3.gov; LevelBlue SpiderLabs BEC Trend Report, 2025 — https://www.levelblue.com/blogs/spiderlabs-blog/bec-email-trends-attacks-up-15-in-2025/


-----------------------------------


Key Terms


Business Email Compromise (BEC) — A type of fraud in which criminals send email messages that appear to come from a known, trusted source making a legitimate request, in order to trick the recipient into transferring money or sharing sensitive information. The FBI has called it one of the most financially damaging online crimes.


Social Engineering — A manipulation technique used by fraudsters that exploits human psychology — such as trust, urgency, or authority — rather than technical vulnerabilities, to convince people to take actions that benefit the attacker.


Email Spoofing — The forgery of an email header so that the message appears to come from a legitimate sender when it actually originated from a different, fraudulent address.


Vendor Email Compromise (VEC) — A subset of business email compromise in which fraudsters specifically target or impersonate trusted vendors or suppliers to intercept payments or redirect funds.
