Business Email Compromise

Business email compromise is fraud that abuses trusted business communication, especially email, to trick people into making payments, sharing data, or approving risky actions.

Business email compromise, often called BEC, is fraud that abuses trusted business communication, especially email, to trick people into making payments, disclosing sensitive information, or approving risky actions. In plain language, it is not just a suspicious message. It is a targeted attempt to manipulate real business processes and trust relationships.

Why It Matters

BEC matters because it targets the organization’s operational habits, not only its technology. Payment workflows, executive requests, vendor changes, and approval chains can all be abused if staff accept a fraudulent request as legitimate.

It also matters because BEC can succeed even without malware. A convincing message, a compromised mailbox, or a spoofed conversation can be enough to trigger financial loss or sensitive disclosure if process controls are weak.

Where It Appears in Real Systems or Security Workflow

BEC appears in finance operations, executive communications, vendor management, help-desk requests, and incident response. Security teams connect it to Phishing, Spear Phishing, Segregation of Duties, and Audit Log because defensive success depends as much on process design as on filtering suspicious messages.

Strong identity controls, approval separation, callback verification, and reviewable transaction records all reduce the chance that one deceptive message becomes a major loss.

Practical Example

A finance employee receives what appears to be an urgent message from an executive requesting a time-sensitive vendor payment to a new account. The request looks plausible and uses normal business language, but the core risk is that it manipulates business trust and process rather than exploiting a purely technical flaw.
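The scenario above is exactly the case the process controls listed earlier (approval separation, callback verification, reviewable transaction records) are meant to stop. The following is an added example, not code from the original page, that models a payment-approval gate for a new vendor account: the requester cannot approve their own request, a change of bank account must be confirmed by a callback to the phone number held in the vendor master record rather than any number in the email, and every decision is written to an audit trail. The vendor master record, account numbers, and user names are constructed sample data.

```python
"""Vendor-payment approval gate illustrating BEC process controls.

Example code, not from the original page. Models three controls:
  1. segregation of duties (approver != requester),
  2. out-of-band callback verification when the payee account changes,
  3. an append-only audit log of every decision.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed vendor master record: the bank account and callback number
# captured at onboarding, independent of anything that arrives by email.
VENDOR_MASTER = {
    "ACME-001": {
        "account": "GB11EXAM00000000001",          # constructed sample value
        "callback_phone": "+44 20 0000 0001",       # constructed sample value
    },
}

AUDIT_LOG: list = []  # reviewable transaction record (append-only in practice)


@dataclass
class PaymentRequest:
    request_id: str
    vendor_id: str
    account: str                 # account the requester wants paid
    amount: float
    requested_by: str            # person who raised the request (e.g. finance clerk)
    approver: Optional[str] = None            # second person who approved it
    callback_verified_by: Optional[str] = None  # who phoned the vendor on the master-record number


@dataclass
class Decision:
    approved: bool
    reasons: list = field(default_factory=list)


def audit(event: str, request: PaymentRequest, detail: str = "") -> None:
    """Record the outcome so the transaction can be reviewed later."""
    AUDIT_LOG.append({
        "event": event,
        "request_id": request.request_id,
        "vendor_id": request.vendor_id,
        "account": request.account,
        "amount": request.amount,
        "requested_by": request.requested_by,
        "approver": request.approver,
        "detail": detail,
    })


def evaluate_payment(request: PaymentRequest) -> Decision:
    """Return an approve/block decision and the reasons for blocking."""
    reasons = []
    vendor = VENDOR_MASTER.get(request.vendor_id)

    if vendor is None:
        reasons.append("unknown vendor")
    elif request.account != vendor["account"]:
        # The payee account differs from the vendor master: this is the
        # classic BEC pattern, so a callback to the on-file number is required.
        if request.callback_verified_by is None:
            reasons.append(
                f"account differs from vendor master; callback to "
                f"{vendor['callback_phone']} not recorded"
            )
        elif request.callback_verified_by == request.requested_by:
            reasons.append("callback must be performed by someone other than the requester")

    # Segregation of duties: a second person must approve, and it cannot be the requester.
    if request.approver is None:
        reasons.append("second approver required")
    elif request.approver == request.requested_by:
        reasons.append("approver must differ from requester (segregation of duties)")

    decision = Decision(approved=not reasons, reasons=reasons)
    audit("approved" if decision.approved else "blocked", request, "; ".join(reasons))
    return decision


if __name__ == "__main__":
    # The scenario from the text: urgent request to pay a known vendor into a new account.
    urgent = PaymentRequest("REQ-1", "ACME-001", "GB22NEWW00000000002", 48000.0, "finance.clerk")
    print(evaluate_payment(urgent))
    print(AUDIT_LOG[-1])
```

Note that the gate never trusts a phone number or account supplied in the request itself; the callback target comes from the vendor master record, which is what makes the verification out-of-band.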

Common Misunderstandings and Close Contrasts

BEC is not just a generic phishing email. Its defining feature is the abuse of real business processes and trusted communication to drive a financial or operational outcome.

It is also different from Ransomware. BEC is typically about fraudulent approval or transfer behavior rather than system encryption or operational extortion through malware.