Business email compromise (BEC) is a leading cause of fraudulent ACH and wire transfers from business deposit accounts — accounting for 73% of all reported cyber incidents in 2024 (Off-site), a sharp increase from 44% in 2023. BEC strategies generally are straightforward: criminals send an email message that appears to come from a known sender (Off-site) making what seems to be a legitimate payment request. According to a 2025 report, 79% of organizations were victims of payments fraud attacks and attempts in 2024. Top BEC tactics (Off-site) were third-party impersonation (63%), vendor impersonation (60%) and senior executive impersonation (49%).
Today’s BEC threats are more complex and dynamic than in the past — in part, due to more easily accessible data about victims and increasingly sophisticated schemes, such as deepfakes created with generative artificial intelligence (AI) that impersonate legitimate people.
More Info