
February 3, 2026

Be aware of Business Email Compromise

While we’re used to suspicious emails being filtered into spam in our personal lives, it can be more confusing when you receive a fraudulent or phishing email on your secured work account. However, in 2026, this sort of scam is going to be happening at an increasing rate.

In this issue of The Pulse, we’re looking at Business Email Compromise (BEC): what it is, how cybercriminals practice it, and what your organization can do to mitigate the risk.

What is Business Email Compromise (BEC)?

Business Email Compromise (BEC) is a tactic spammers use to target your organization’s money or data. It happens when a scammer, under the guise of fake or stolen credentials, tricks employees into giving up financial or other sensitive information. It sounds as easy to avoid as any other phishing email scam, but these scams are becoming more and more sophisticated.

How does it work?

According to SentinelOne, a BEC scam usually “begins with a compromised or spoofed email account. Under the guise of a trusted vendor, or a company executive, scammers typically use stolen or false credentials to trick employees into giving up financial authorization or confidential information permissions.”

What sort of financial scams do these entail? Sometimes, it’s instructions for a wire transfer that may look legitimate. Sometimes, it’s requests for a gift card to be sent to an email address. Essentially, any action that leads an employee to “unknowingly commit fraud by sending funds directly to the attacker.” Once those funds are sent, they’re unrecoverable.

This can be an expensive problem.

A 2023 report by the FBI found that “a single successful BEC attack costs a business an average of $137,132.” As scam attempts have only increased since then, the cost has likely only grown as well. For most businesses, this sort of loss is devastating.

BEC is a form of social engineering.

Any time a cybercriminal has to use manipulation to exploit human error, it’s a form of social engineering. According to cybersecurity company Kaspersky, “these ‘human hacking’ scams tend to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems. Attacks can happen online, in-person, and via other interactions.”

Because the whole point of these scams is to take advantage of an employee’s lack of knowledge, the best way your business can fight BEC attacks is by arming your staff with information. You can do this by:

  • Educating them about BEC scams
  • Implementing a policy to follow in the case of receiving fraudulent emails
  • Educating them about the actual process for financial authorization, so they’re aware it would never happen over email
  • Educating them about how to flag an email as suspicious

In conclusion…

Business Email Compromise (BEC) is a social engineering scam targeting business employees’ emails. It can be extremely costly, with little recourse for the victim. Educating yourself and your organization will go a long way in defending against this method of fraud.