Business Email Compromise (BEC) Attacks


Business email compromise (BEC) is a type of cyberattack in which criminals impersonate a trusted individual or organization in order to trick employees into making fraudulent payments. BEC attacks are on the rise, and the median transaction size of a BEC attack is $50,000 according to the 2023 Verizon Data Breach Investigations report.


Here are some tips on how to prevent BEC attacks:

  • Be suspicious of emails from unfamiliar senders. If you receive an email from someone you don’t know, don’t click on any links or open any attachments. Instead, contact the person directly, using a method not included in the email, to verify that they sent the email.
  • Don’t click on links or open attachments in emails from known senders. Even if the email is from someone you know, it’s still possible that the email has been spoofed. If you’re not sure if the email is legitimate, contact the person directly to verify the link or attachment.
  • Verify the sender’s identity by calling them directly. If you receive an email that requests a payment, don’t just make the payment right away. Instead, call the person who sent the email to verify that they actually made the request.
  • Use strong passwords and two-factor authentication. Strong passwords and two-factor authentication can help protect your accounts from being hacked.
  • Keep your software up to date. Software updates often include security patches that can help protect your computer from malware.


If you think you have been the victim of cybercrime, it is important to report the crime to the authorities. You can report cybercrime to the FBI’s Internet Crime Complaint Center (IC3) at You can also report cybercrime to your local law enforcement agency.