What Is Business Email Compromise?

Business Email Compromise (BEC) is one of the costliest scams targeting UK companies. Criminals impersonate executives, vendors, or trusted partners to trick employees into transferring money, revealing data, or changing payment details. The FBI reports BEC causes billions in losses globally, with UK businesses being prime targets.

Example 1: CEO Fraud (Payment Diversion)

From: john.smith@company-group.co.uk [Actually: john.smit@company-group-uk.com]

Subject: Urgent: Wire Transfer Required - Confidential

Body: "Hi, I need you to arrange an urgent wire transfer of £250,000 to our US supplier account. Please process this immediately and keep it confidential. Don't involve the finance director. I'll follow up with payment details."

  • Impersonation: Sender address is a lookalike of the real CEO's, with a misspelt local part (smit) and an attacker-registered domain (company-group-uk.com instead of company-group.co.uk); because the attacker owns that domain, SPF and DKIM can legitimately pass for it
  • Urgency and secrecy: "Urgent", "immediately", "keep confidential" bypass normal procedures
  • Authority abuse: Instructs employee to exclude finance team
  • Large amount: Six-figure transfer appears in single email
  • Payment details later: Vague about recipient to prevent verification

Action: Always verify large payments by phoning the CEO on a known number from the internal directory, never one taken from the email, and do not reply to the message itself, since the reply goes to the attacker. Check bank details via established channels.

Example 2: Vendor Invoice Fraud

From: accounts@supplier.co.uk [Actually a spoofed lookalike domain]

Subject: Payment Required - Invoice 2026-03-445

Body: "Please find attached our invoice for March services. Payment due immediately to the following bank details: [Different account details]. Please acknowledge receipt."

  • Lookalike domain: Sender domain resembles the vendor's but is attacker-registered (or the display name is the vendor's with an unrelated address behind it)
  • Matches process: Uses correct invoice numbering scheme
  • Changed details: New bank account provided without explanation
  • Pressure: "Payment due immediately" bypasses verification
  • Attachment: PDF invoice may be forged, carry the attacker's own contact details, or simply distract from the changed bank account

Action: Always verify a change of payment details with the vendor through established contact methods: a phone number from your vendor master record or a previous genuine invoice, never one from the email or its attachment, since the attacker controls both.

Example 3: HR/Payroll Fraud

From: hr-director@company.co.uk [Actually a typosquatter domain]

Subject: Urgent: Update Employee Tax Details

Body: "Please process urgent payroll changes for the following employees. Confidential - do not discuss with anyone. New bank details attached in spreadsheet."

  • Executive impersonation: Claims to be the HR director, whose instructions payroll staff are used to following
  • Data request: Asks for sensitive employee banking details
  • Secrecy instruction: "Confidential - do not discuss" isolates the victim
  • Attachment with data: Contains spreadsheet with targeted employee names
  • Payroll redirection: Actual goal is to redirect employee wages to scammer account

Action: All HR/payroll changes must be verified directly with HR through known channels. Use multi-person approval for any banking detail changes.

Protect Your Business with BEC Prevention

Technical Controls

  1. Email authentication: Publish SPF and DKIM for your domains and a DMARC record with an enforcing policy (p=quarantine or p=reject); a monitoring-only policy (p=none) blocks nothing. DMARC stops others spoofing your exact domain; it does nothing against lookalike domains the attacker registers
  2. Domain monitoring: Watch for newly registered lookalike domains (typosquats, TLD swaps such as .co.uk to .com, added tokens such as -uk) and block or tag mail from them
  3. Email filtering: Tag external mail visibly (for example an [EXTERNAL] banner) and flag messages whose display name matches an internal employee but whose address is external
  4. MFA enforcement: Multi-factor auth on all mailboxes, not only executives' (finance, AP and HR staff are the ones who receive these emails); prefer phishing-resistant methods
  5. Security awareness training: Regular staff training on BEC tactics, including the finance and payroll staff who process payments (a people control rather than a technical one, but it belongs in the same programme)
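The lookalike-sender, display-name and authentication checks described in Example 1 and in items 1 to 3 above, written out as a header triage routine. This is an added example, not ScamSupport's code or any product's detection logic; OUR_DOMAINS, TRUSTED_VENDOR_DOMAINS, EXECUTIVES and the sample message are constructed placeholders, and the public-suffix handling is deliberately crude (a real deployment uses the Public Suffix List and loads the lists from the directory and vendor master).

```python
"""Inbound header triage for BEC indicators: lookalike sender domains, internal
display names on external addresses, and failed or absent authentication results.
Added example, not ScamSupport's code; all names below are constructed placeholders.
"""
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAINS = {"company-group.co.uk"}                      # hypothetical tenant
TRUSTED_VENDOR_DOMAINS = {"supplier.co.uk"}                 # hypothetical vendor master
EXECUTIVES = {"john smith": "john.smith@company-group.co.uk"}  # display name -> real address


def levenshtein(a, b):
    """Edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain):
    """Crude public-suffix strip: 'company-group-uk.com' -> 'company-group-uk',
    'supplier.co.uk' -> 'supplier'. Enough for .com/.co.uk; use the PSL in production."""
    parts = domain.lower().split(".")
    if len(parts) >= 3 and parts[-2] in {"co", "org", "ac", "gov", "ltd", "plc"}:
        return ".".join(parts[:-2])
    return ".".join(parts[:-1])


def lookalike_of(domain, known):
    """Return the known domain that `domain` imitates, or None if it is unrelated
    (or is one of the known domains / a subdomain of one)."""
    d = domain.lower()
    if d in known:
        return None
    for k in known:
        if d.endswith("." + k):          # legitimate subdomain, e.g. mail.company-group.co.uk
            return None
        kl, dl = registrable_label(k), registrable_label(d)
        if kl == dl:                     # same name under a swapped suffix (.co.uk -> .com)
            return k
        if levenshtein(kl, dl) <= 2:     # typosquat: conpany-group, company-groups
            return k
        if kl in dl:                     # real name with a token bolted on: company-group-uk
            return k
    return None


def triage(raw_headers):
    """Return a list of human-readable findings; an empty list means nothing fired."""
    msg = message_from_string(raw_headers)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if name.strip().lower() in EXECUTIVES and domain not in OUR_DOMAINS:
        findings.append(f"display name '{name}' matches an executive but sender is external ({domain})")
    imitated = lookalike_of(domain, OUR_DOMAINS | TRUSTED_VENDOR_DOMAINS)
    if imitated:
        findings.append(f"sender domain {domain} is a lookalike of {imitated}")
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1).lower() != "pass":
            findings.append(f"{mech}={m.group(1)}")
    return findings


# Constructed sample: the CEO-fraud message from Example 1. SPF passes because the
# attacker controls company-group-uk.com; only the lookalike check catches it.
SAMPLE_HEADERS = """\
From: John Smith <john.smit@company-group-uk.com>
To: finance@company-group.co.uk
Subject: Urgent: Wire Transfer Required - Confidential
Authentication-Results: mx.company-group.co.uk; spf=pass smtp.mailfrom=company-group-uk.com; dkim=none; dmarc=none header.from=company-group-uk.com

"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_HEADERS):
        print("FLAG:", finding)
```

The point the sample makes is that authentication results are only useful against spoofing of your own domain: the attacker's lookalike domain passes SPF cleanly, so the display-name and lookalike checks have to carry the detection.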

Process Controls

  1. Dual approval: All payments above threshold require two approvals
  2. Out-of-band verification: Phone call to a number already on file (vendor master, internal directory) before any bank detail change is accepted; a number supplied in the change request is the attacker's
  3. Payment change protocol: Require a 3-day waiting period before new supplier bank details go live, so a rushed change cannot be paid the same day
  4. Vendor notification: Call the vendor on the number on file to confirm any payment change before sending money, and record who called and when
  5. Segregation of duties: Different people request, approve, and process payments
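The five process controls above, turned into a small set of executable rules so the gaps between them are visible: a changed beneficiary account is held, must be verified by a call-back to the number already on file, goes live only after the waiting period, and a payment above a threshold needs two approvers who are not the requester. This is an added example of how such a workflow can be enforced in code, not ScamSupport's process; the vendor, account numbers, phone numbers, threshold and timestamps are constructed placeholders.

```python
"""Payment-change and release controls as executable rules.
Added example, not ScamSupport's process; all values are constructed placeholders.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

WAITING_PERIOD = timedelta(days=3)          # the 3-day protocol from the list above
DUAL_APPROVAL_THRESHOLD = 10_000            # hypothetical GBP threshold
T0 = datetime(2026, 3, 2, 9, 0)              # constructed start time for the demo
DAY = timedelta(days=1)


class ControlViolation(Exception):
    """Raised when an action would bypass a control; the caller must not proceed."""


@dataclass
class Vendor:
    name: str
    account: str                      # beneficiary account currently on file
    phone_on_file: str                # from the vendor master, never from an incoming email
    pending_account: Optional[str] = None
    pending_since: Optional[datetime] = None
    verified_by: Optional[str] = None
    verified_at: Optional[datetime] = None


def request_account_change(vendor, new_account, now):
    """Log a requested change. Nothing is paid to the new account yet."""
    if new_account == vendor.account:
        raise ControlViolation("account unchanged")
    vendor.pending_account, vendor.pending_since = new_account, now
    vendor.verified_by = vendor.verified_at = None


def record_callback(vendor, verifier, number_dialled, now):
    """Out-of-band verification counts only if the number dialled is the one on file."""
    if vendor.pending_account is None:
        raise ControlViolation("no change pending")
    if number_dialled != vendor.phone_on_file:
        raise ControlViolation("call-back must use the vendor-master number, not one from the email")
    vendor.verified_by, vendor.verified_at = verifier, now


def activate_pending_account(vendor, now):
    """Make the change live: requires verification AND the waiting period."""
    if vendor.pending_account is None:
        raise ControlViolation("no change pending")
    if vendor.verified_at is None:
        raise ControlViolation("pending account not verified out-of-band")
    if now - vendor.pending_since < WAITING_PERIOD:
        raise ControlViolation("waiting period has not elapsed")
    vendor.account = vendor.pending_account
    vendor.pending_account = vendor.pending_since = None
    vendor.verified_by = vendor.verified_at = None


def release_payment(vendor, amount, destination, requested_by, approvers):
    """Pay only the account on file, with segregation of duties and dual approval."""
    if destination != vendor.account:
        raise ControlViolation("destination does not match the account on file")
    approvers = set(approvers)
    if requested_by in approvers:
        raise ControlViolation("requester may not approve their own payment")
    needed = 2 if amount > DUAL_APPROVAL_THRESHOLD else 1
    if len(approvers) < needed:
        raise ControlViolation(f"{needed} approver(s) required, got {len(approvers)}")
    return {"vendor": vendor.name, "amount": amount, "to": vendor.account,
            "approved_by": sorted(approvers)}


def violates(fn, *args):
    """True if the action is blocked by a control (used by the demo below)."""
    try:
        fn(*args)
        return False
    except ControlViolation:
        return True


def demo():
    """Walk Example 2: an invoice from a lookalike domain asks for payment to a new account."""
    v = Vendor("Supplier Ltd", "GB00 OLDA 0000 0001", "+44 20 7946 0000")
    request_account_change(v, "GB00 NEWA 0000 0999", T0)
    return {
        "pay_new_account_immediately": violates(release_payment, v, 5_000, "GB00 NEWA 0000 0999", "clerk", ["manager"]),
        "callback_to_number_in_email": violates(record_callback, v, "clerk", "+44 20 0000 1111", T0),
        "callback_to_number_on_file": violates(record_callback, v, "clerk", "+44 20 7946 0000", T0),
        "activate_after_one_day": violates(activate_pending_account, v, T0 + DAY),
        "activate_after_three_days": violates(activate_pending_account, v, T0 + 3 * DAY),
        "account_now_on_file": v.account,
        "requester_self_approves": violates(release_payment, v, 250_000, v.account, "clerk", ["clerk", "manager"]),
        "single_approver_large": violates(release_payment, v, 250_000, v.account, "clerk", ["manager"]),
        "dual_approved": release_payment(v, 250_000, v.account, "clerk", ["manager", "finance.director"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The design choice worth noting is that release_payment never takes a bank account from the request: it only pays the account on file, so the only way the attacker's account gets paid is through the change path, which is where the call-back and waiting period sit.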

If You Discover a BEC Attack

  1. Stop the payment immediately if it has not yet been processed
  2. Contact your bank's fraud team if money was transferred; a recall has a chance only while the funds are still in the receiving account, so do this within hours, not days
  3. For any compromised mailbox: reset the password, revoke active sessions and app tokens, and check for attacker-created inbox rules, forwarding addresses and OAuth app consents, which survive a password change
  4. Enable MFA on all compromised accounts
  5. Notify Report Fraud: reportfraud.police.uk
  6. Report to Cyber.gov.uk for business cyber incidents
  7. Engage your incident response team if data was compromised, and if personal data (for example payroll records) was exposed, assess whether the ICO must be notified within the 72 hours UK GDPR allows
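One of the first things to check on a compromised mailbox is its inbox rules, since attackers add rules that forward mail off-tenant or hide messages about invoices and payments so the real owner never sees the replies. The audit below is an added example, not ScamSupport's code or any vendor's tooling; the rule dicts are constructed and only loosely follow the field names of Microsoft Graph messageRule objects (displayName, conditions, actions), so adapt them to whatever your provider exports. INTERNAL_DOMAINS and FINANCE_KEYWORDS are placeholders.

```python
"""Audit of a mailbox's inbox rules after a BEC account takeover.
Added example, not ScamSupport's code; rule data and domain lists are constructed.
"""
INTERNAL_DOMAINS = {"company.co.uk"}                                        # hypothetical tenant
FINANCE_KEYWORDS = ("invoice", "payment", "bank", "wire", "remittance", "bacs")
HIDING_ACTIONS = ("delete", "moveToFolder", "markAsRead")                   # actions that bury mail


def _addresses(recipients):
    """Flatten [{'emailAddress': {'address': ...}}, ...] to lower-cased addresses."""
    return [r["emailAddress"]["address"].lower() for r in (recipients or [])]


def _external(addresses):
    return [a for a in addresses if a.rpartition("@")[2] not in INTERNAL_DOMAINS]


def audit_rules(rules):
    """Return [(rule name, [reasons])] for every rule that looks attacker-created."""
    findings = []
    for rule in rules:
        name = rule.get("displayName", "")
        cond = rule.get("conditions") or {}
        act = rule.get("actions") or {}
        reasons = []

        # 1. Forward/redirect to an address outside the tenant: classic BEC exfiltration
        ext = _external(_addresses(act.get("forwardTo")) + _addresses(act.get("redirectTo")))
        if ext:
            reasons.append("forwards or redirects to external " + ", ".join(ext))

        # 2. Finance-related mail that is deleted, moved or marked read before the owner sees it
        text = [s.lower() for s in cond.get("subjectContains", []) + cond.get("bodyContains", [])]
        keywords = [k for k in FINANCE_KEYWORDS if any(k in s for s in text)]
        if keywords and any(act.get(a) for a in HIDING_ACTIONS):
            reasons.append("hides finance-related mail matching " + ", ".join(keywords))

        # 3. Attackers favour names like '.', ',' or '' that draw no attention in the rules list
        if len(name.strip()) <= 1:
            reasons.append("rule name is blank or a single character")

        if reasons:
            findings.append((name, reasons))
    return findings


# Constructed rule export from a mailbox after the HR/payroll scenario above.
SAMPLE_RULES = [
    {"displayName": "Team updates",
     "conditions": {"senderContains": ["team@company.co.uk"]},
     "actions": {"moveToFolder": "Team"}},
    {"displayName": ".",
     "conditions": {"subjectContains": ["invoice", "payment"]},
     "actions": {"forwardTo": [{"emailAddress": {"address": "archive.mail@freemail.example"}}],
                 "delete": True, "markAsRead": True}},
    {"displayName": "Tidy",
     "conditions": {"bodyContains": ["bank details"]},
     "actions": {"moveToFolder": "RSS Feeds"}},
]

if __name__ == "__main__":
    for rule_name, reasons in audit_rules(SAMPLE_RULES):
        print(f"SUSPICIOUS rule {rule_name!r}: " + "; ".join(reasons))
```

Run this against every mailbox the attacker could have reached, not just the one that sent the fraudulent instruction; the account that was read from is often not the one that was used to send.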

Secure Payment Processing with VPN

When processing payments remotely or on public networks, use NordVPN to encrypt your connection on untrusted Wi-Fi. Note that a VPN does not stop BEC, which arrives as an ordinary-looking email and succeeds through social engineering; it complements, rather than replaces, the verification and approval controls above.

Affiliate disclosure: as a NordVPN partner, ScamSupport may earn a commission if you sign up via this link — this doesn't change our recommendation or the price you pay. Full affiliate policy →

Get NordVPN for Business
