{"id":15378,"date":"2019-03-05T16:20:09","date_gmt":"2019-03-05T16:20:09","guid":{"rendered":"https:\/\/www.techopedia.com\/definition\/business-email-compromise\/"},"modified":"2023-09-02T07:37:05","modified_gmt":"2023-09-02T07:37:05","slug":"business-email-compromise","status":"publish","type":"definition","link":"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec","title":{"rendered":"Business Email Compromise"},"content":{"rendered":"<h2><span id=\"what_does_business_email_compromise_mean\">What Does Business Email Compromise Mean?<\/span><\/h2>\n<p>Business email compromise (BEC) is a type of cyberattack that targets corporate employees who are responsible for handling procurement and\/or wire transfers within a specific business division. The goal of this <a href=\"https:\/\/www.techopedia.com\/definition\/4115\/social-engineering\">social engineering<\/a> scam is to <a href=\"https:\/\/www.techopedia.com\/business-email-compromise-bec-attacks-explained-are-you-at-risk\/2\/34774\">trick the victim into sending money<\/a> or other high-value business assets to the attacker.<\/p>\n<p>According to the FBI\u2019s Internet Crime Complaint Center (IC3), BEC attacks are one of the most profitable types of cyberattacks, resulting in the loss of billions of dollars each year domestically and internationally. Businesses that work with foreign suppliers, businesses that regularly transfer money wirelessly, and business that use <a href=\"https:\/\/www.techopedia.com\/definition\/26735\/public-cloud\">public cloud<\/a> email services are especially vulnerable to BEC attacks.<\/p>\n<p>This type of attack is often initiated through a <a href=\"https:\/\/www.techopedia.com\/definition\/4049\/phishing\">phishing email<\/a> that appears to be legitimate business correspondence. For example, the fraudulent email might contain what looks like a simple address change request from a legitimate business partner. If the change request is accommodated without being verified, however, the victim will end up sending the next financial payment or purchase to a location under the attacker\u2019s control.<\/p>\n<h2><span id=\"techopedia_explains_business_email_compromise\">Techopedia Explains Business Email Compromise<\/span><\/h2>\n<p>BEC attacks are often initiated through <a href=\"https:\/\/www.techopedia.com\/definition\/4121\/spear-phishing\">spear phishing<\/a> emails that target employees with specific job roles. This type of malicious email is usually well-written and closely resembles normal correspondence specific to the business that is being victimized. Types of known BEC <a href=\"https:\/\/www.techopedia.com\/definition\/15793\/attack-vector\">attack vectors<\/a> include:<\/p>\n<ul>\n<li>Change order fraud &#8211; the attacker asks the victim to \u201cupdate\u201d a legitimate business partner\u2019s banking information with routing numbers supplied by the attacker. This type of attack is often used to redirect legitimate payments to an account under the attacker\u2019s control, but change order fraud can also be used to redirect expensive purchases \u2013 such as new computers &#8212; to a location of the attacker\u2019s choice.<\/li>\n<li>C-Level fraud \u2013 the attacker poses as one of the company\u2019s <a href=\"https:\/\/www.techopedia.com\/definition\/13928\/c-level-executive\">C-level executives<\/a> and tricks an employee who is authorized to transfer funds into wiring money to an account under the attacker\u2019s control.<\/li>\n<li>Permission fraud \u2013 the attacker targets a manager who has access to employee personally identifiable information (<a href=\"https:\/\/www.techopedia.com\/definition\/4046\/personally-identifiable-information-pii\">PII<\/a>) and steals permissions to conduct future attacks.<\/li>\n<\/ul>\n<h2><span id=\"bec_attack_prevention\">BEC Attack Prevention<\/span><\/h2>\n<p>To prevent a BEC attack from being successful, <a href=\"https:\/\/www.fbi.gov\/how-we-can-help-you\/safety-resources\/scams-and-safety\/common-scams-and-crimes\/business-email-compromise\" target=\"_blank\">the FBI recommends<\/a> that organizations take the following steps:<\/p>\n<ul>\n<li>Enforce <a href=\"https:\/\/www.techopedia.com\/definition\/34572\/zero-trust-zt\">zero trust<\/a> and strong <a href=\"https:\/\/www.techopedia.com\/definition\/13657\/multi-factor-authentication-mfa\">multi-factor authentication<\/a> for all email accounts.<\/li>\n<li>Establish more than one communication channel to verify significant transactions.<\/li>\n<li>Require both sides of every transaction to use <a href=\"https:\/\/www.techopedia.com\/definition\/5426\/digital-signature\">digital signatures<\/a>.<\/li>\n<li>Prohibit the use of virtual meeting platforms that are not approved by the organization\u2019s information and communication technology (<a href=\"https:\/\/www.techopedia.com\/definition\/24152\/information-and-communications-technology-ict\">ICT<\/a>) department.<\/li>\n<li>Treat unplanned wire transfers and <a href=\"https:\/\/www.techopedia.com\/definition\/13935\/change-request\">change requests<\/a> with suspicion and require employees to verify the legitimacy of such requests before accommodating them.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>What Does Business Email Compromise Mean? Business email compromise (BEC) is a type of cyberattack that targets corporate employees who are responsible for handling procurement and\/or wire transfers within a specific business division. The goal of this social engineering scam is to trick the victim into sending money or other high-value business assets to the [&hellip;]<\/p>\n","protected":false},"author":7813,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"_lmt_disableupdate":"no","_lmt_disable":"","om_disable_all_campaigns":false,"footnotes":""},"definitioncat":[231,255,218],"class_list":["post-15378","definition","type-definition","status-publish","format-standard","hentry","definitioncat-it-business-alignment","definitioncat-cyber-threats","definitioncat-cybersecurity"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.2 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What is a Business Email Compromise (BEC)? - Definition from Techopedia<\/title>\n<meta name=\"description\" content=\"This definition explains what a Business Email Compromise (BEC) attack is and how to prevent it.\" \/>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Business Email Compromise\" \/>\n<meta property=\"og:description\" content=\"This definition explains what a Business Email Compromise (BEC) attack is and how to prevent it.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec\" \/>\n<meta property=\"og:site_name\" content=\"Techopedia\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/techopedia\/\" \/>\n<meta property=\"article:modified_time\" content=\"2023-09-02T07:37:05+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@techopedia\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec\"},\"author\":{\"name\":\"Margaret Rouse\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/f5dd538e31ee352d105b8af36c4268a5\"},\"headline\":\"Business Email Compromise\",\"datePublished\":\"2019-03-05T16:20:09+00:00\",\"dateModified\":\"2023-09-02T07:37:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec\"},\"wordCount\":457,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec#respond\"]}],\"articleSection\":\"\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec\",\"url\":\"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec\",\"name\":\"What is a Business Email Compromise (BEC)? - Definition from Techopedia\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/#website\"},\"datePublished\":\"2019-03-05T16:20:09+00:00\",\"dateModified\":\"2023-09-02T07:37:05+00:00\",\"description\":\"This definition explains what a Business Email Compromise (BEC) attack is and how to prevent it.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.techopedia.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyber Threats\",\"item\":\"https:\/\/www.techopedia.com\/topic\/220\/cyber-threats\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Term\",\"item\":\"https:\/\/www.techopedia.com\/definition\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Business Email Compromise\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.techopedia.com\/#website\",\"url\":\"https:\/\/www.techopedia.com\/\",\"name\":\"Techopedia\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.techopedia.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.techopedia.com\/#organization\",\"name\":\"Techopedia\",\"url\":\"https:\/\/www.techopedia.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg\",\"caption\":\"Techopedia\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/techopedia\/\",\"https:\/\/x.com\/techopedia\",\"https:\/\/www.linkedin.com\/company\/techopedia\/\",\"https:\/\/www.youtube.com\/c\/Techopedia\"],\"publishingPrinciples\":\"https:\/\/www.techopedia.com\/about\/editorial-policy\",\"ownershipFundingInfo\":\"https:\/\/www.techopedia.com\/about\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/f5dd538e31ee352d105b8af36c4268a5\",\"name\":\"Margaret Rouse\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/margaret-rouse-headshot.jpeg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/margaret-rouse-headshot.jpeg\",\"caption\":\"Margaret Rouse\"},\"description\":\"Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other\u2019s highly specialized languages.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/margaretrouse\/\",\"https:\/\/x.com\/https:\/\/twitter.com\/@techdefinitions\"],\"knowsAbout\":[\"Technology Expert\"],\"url\":\"https:\/\/www.techopedia.com\/contributors\/margaret-rouse\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"What is a Business Email Compromise (BEC)? - Definition from Techopedia","description":"This definition explains what a Business Email Compromise (BEC) attack is and how to prevent it.","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"Business Email Compromise","og_description":"This definition explains what a Business Email Compromise (BEC) attack is and how to prevent it.","og_url":"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec","og_site_name":"Techopedia","article_publisher":"https:\/\/www.facebook.com\/techopedia\/","article_modified_time":"2023-09-02T07:37:05+00:00","twitter_card":"summary_large_image","twitter_site":"@techopedia","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec#article","isPartOf":{"@id":"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec"},"author":{"name":"Margaret Rouse","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/f5dd538e31ee352d105b8af36c4268a5"},"headline":"Business Email Compromise","datePublished":"2019-03-05T16:20:09+00:00","dateModified":"2023-09-02T07:37:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec"},"wordCount":457,"commentCount":0,"publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec#respond"]}],"articleSection":""},{"@type":"WebPage","@id":"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec","url":"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec","name":"What is a Business Email Compromise (BEC)? - Definition from Techopedia","isPartOf":{"@id":"https:\/\/www.techopedia.com\/#website"},"datePublished":"2019-03-05T16:20:09+00:00","dateModified":"2023-09-02T07:37:05+00:00","description":"This definition explains what a Business Email Compromise (BEC) attack is and how to prevent it.","breadcrumb":{"@id":"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.techopedia.com\/definition\/33769\/business-email-compromise-bec#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.techopedia.com\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity"},{"@type":"ListItem","position":3,"name":"Cyber Threats","item":"https:\/\/www.techopedia.com\/topic\/220\/cyber-threats"},{"@type":"ListItem","position":4,"name":"Term","item":"https:\/\/www.techopedia.com\/definition"},{"@type":"ListItem","position":5,"name":"Business Email Compromise"}]},{"@type":"WebSite","@id":"https:\/\/www.techopedia.com\/#website","url":"https:\/\/www.techopedia.com\/","name":"Techopedia","description":"","publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.techopedia.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.techopedia.com\/#organization","name":"Techopedia","url":"https:\/\/www.techopedia.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg","caption":"Techopedia"},"image":{"@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/techopedia\/","https:\/\/x.com\/techopedia","https:\/\/www.linkedin.com\/company\/techopedia\/","https:\/\/www.youtube.com\/c\/Techopedia"],"publishingPrinciples":"https:\/\/www.techopedia.com\/about\/editorial-policy","ownershipFundingInfo":"https:\/\/www.techopedia.com\/about"},{"@type":"Person","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/f5dd538e31ee352d105b8af36c4268a5","name":"Margaret Rouse","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/margaret-rouse-headshot.jpeg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/margaret-rouse-headshot.jpeg","caption":"Margaret Rouse"},"description":"Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other\u2019s highly specialized languages.","sameAs":["https:\/\/www.linkedin.com\/in\/margaretrouse\/","https:\/\/x.com\/https:\/\/twitter.com\/@techdefinitions"],"knowsAbout":["Technology Expert"],"url":"https:\/\/www.techopedia.com\/contributors\/margaret-rouse"}]}},"_links":{"self":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/definition\/15378","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/definition"}],"about":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/types\/definition"}],"author":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/users\/7813"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/comments?post=15378"}],"version-history":[{"count":0,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/definition\/15378\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media?parent=15378"}],"wp:term":[{"taxonomy":"definitioncat","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/definitioncat?post=15378"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}