What is business email compromise?
Business email compromise (BEC) is a targeted scam where an attacker impersonates a trusted executive, employee or supplier, often with no malicious link, to trick someone into transferring money, paying a fake invoice, or sharing sensitive data.
How BEC works
BEC relies on authority and urgency rather than malware. The attacker poses as the CEO, a supplier or a colleague and sends a plausible request — change these bank details, pay this invoice, send these records — often referencing real context.
Because there's frequently no attachment or obvious malicious link, traditional email filters may not flag it. The defense is human: verification and process.
Why BEC is so costly
BEC is one of the most financially damaging attack types because it targets payments and sensitive data directly, and a single successful request can move large sums before anyone notices.
How to prevent business email compromise
- Verify payment and bank-detail changes through a separate, known channel.
- Require dual approval for payments above a threshold.
- Be wary of urgency and secrecy in financial requests.
- Train finance, executives and their assistants with realistic simulations.
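The first two controls above can be enforced as a gate in the payment workflow instead of relying on memory. The sketch below is an added example, not HookPhish code: the threshold value, the vendor master, the field names and the sample requests are all constructed assumptions, as is requiring one independent approver below the threshold.

```python
from dataclasses import dataclass, field
from decimal import Decimal

# Assumed policy value: the page only says "above a threshold".
DUAL_APPROVAL_THRESHOLD = Decimal("10000")

# Constructed sample vendor master: payee -> bank account already on file.
VENDOR_MASTER = {"Acme Supplies": "DE89 3704 0044 0532 0130 00"}


@dataclass
class PaymentRequest:
    payee: str
    amount: Decimal
    iban: str                        # account the request asks us to pay
    requester: str
    approvers: set = field(default_factory=set)
    callback_verified: bool = False  # confirmed on a phone number already on file


def _norm(iban):
    """Compare accounts ignoring spacing and case, so formatting is not a 'change'."""
    return "".join(iban.split()).upper()


def release_blockers(req, vendor_master=VENDOR_MASTER):
    """Return the reasons a payment must be held; an empty list means release."""
    blockers = []
    on_file = vendor_master.get(req.payee)
    changed = on_file is None or _norm(on_file) != _norm(req.iban)
    if changed and not req.callback_verified:
        blockers.append("bank details new or changed: verify via a known channel")
    # The requester never counts as an approver of their own request.
    independent = {a.lower() for a in req.approvers} - {req.requester.lower()}
    needed = 2 if req.amount > DUAL_APPROVAL_THRESHOLD else 1
    if len(independent) < needed:
        blockers.append(f"needs {needed} independent approver(s), has {len(independent)}")
    return blockers


if __name__ == "__main__":
    # Constructed request: urgent invoice with a new account, self-approved.
    urgent = PaymentRequest("Acme Supplies", Decimal("48000"),
                            "GB00 TEST 0000 0000 0000 00", "alice", {"alice", "bob"})
    for reason in release_blockers(urgent):
        print("HOLD:", reason)
```

The gate holds the payment no matter how convincing or urgent the email was; the only way to clear the first blocker is a callback on contact details that predate the request.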
How HookPhish helps
HookPhish email threat protection helps detect and report BEC attempts, while targeted simulations train your highest-risk roles to verify before they act.
Frequently asked questions
How is BEC different from phishing?
BEC is a focused form of phishing that usually impersonates a specific trusted person and often has no malicious link, relying on authority and urgency to authorize fraud.
How do I prevent BEC?
Verify financial requests out-of-band, require dual approval for payments, and train high-risk roles to recognize impersonation.
Who do BEC attacks target?
Typically finance teams, executives and their assistants: anyone who can authorize payments or access sensitive data.