---
title: "Business Email Compromise | Phish Protection"
description: "Business Email Compromise: BEC, also known as CEO impersonation, is defined as &#34;a form of phishing attack where a cybercriminal impersonates an executive and."
image: "https://phishprotection.com/images/og-default.png"
canonical: "https://phishprotection.com/business-email-compromise/"
---

#  Business Email Compromise 

## **Business Email Compromise (BEC) Protection**

### **Phish Protection Technology Protects Against BEC**

**What is business email compromise (BEC)?**

BEC, also known as CEO impersonation, is defined as “a form of phishing attack where a cybercriminal impersonates an executive and attempts to get an employee, customer, or vendor to transfer funds or sensitive information to the phisher.” BEC attacks usually begin with a cybercriminal successfully phishing an executive to gain access to their email inbox.

Often times malware or ransomware intrusions immediately precede a BEC incident. Those intrusions are usually facilitated through a phishing scam in which a victim receives an e-mail from a seemingly legitimate source that contains a malicious link.

![Business Email Compromise What Is It 1](https://media.mailhop.org/phishprotection/images/2019/01/business-email-compromise-what-is-it-1.png) ![Types Of Bec 2](https://media.mailhop.org/phishprotection/images/2019/01/types-of-bec-2.png) 

### **There are actually five forms of BEC**

According to the FBI’s Internet Crime Complaint Center (IC3), there are five main scenarios by which BEC is perpetrated.

**Bogus Invoice Scheme** When a business, which has a long standing relationship with a supplier, is requested to wire funds for invoice payment to an alternate, fraudulent account.

**CEO fraud** When the compromised email account of a high level executive is used to request a wire transfer to a fraudulent account.

**Account compromise** When an employee of a company has their email account compromised and it’s then used to request repayment of an invoice by a customer to a fraudulent account.

**Attorney impersonation** When victims are contacted by fraudsters identifying themselves as lawyers and are pressured into transferring funds to a fraudulent account.

**Data theft** When fraudulent e-mails are used to request either wage or tax statement (W-2) forms or a company list of personally identifiable information (PII).

### **BEC is a growing problem even for small businesses**

According to the IC3, “the BEC scam continues to grow, evolve, and target businesses of all sizes. Since January 2015, there has been a 1,300 percent increase in identified exposed losses, now totaling over $3 billion.”

Account compromise is the most common type with smaller businesses since it requires a billing structure that is managed primarily through email. The bottom line is just because you run a small business doesn’t mean you’re not susceptible to BEC.

![Bec Small Businesses 1](https://media.mailhop.org/phishprotection/images/2019/01/bec-small-businesses-1.png) ![Tools Target Victims 1](https://media.mailhop.org/phishprotection/images/2019/01/tools-target-victims-1.png) 

### **Tools used to target and exploit victims**

Hackers which engage in BEC use a variety of techniques to target and exploit their victims. They include the following:

- **[Spoofing](/content/domain-name-spoofing/):** using an email address that looks like a legitimate email address and tricks the victim into thinking it came from someone it didn’t.
- **[Spear phishing](/spear-phishing-attack/):** using an email to target a specific individual in a company to obtain confidential information to be used in one of the BEC scenarios.
- **[Malware](/products/malware-and-ransomware-protection/):** secretly installing malicious software on the victim’s computer to infiltrate a company’s network and gain access to confidential information to be used in the BEC scam.
- **Social engineering**: using psychological manipulation to get targets to divulge confidential information that will later be used in [BEC](/content/business-email-compromise/).

### **Preventing BEC requires advanced technology**

The techniques used to perpetrate BEC can be mitigated with Phish Protection’s advanced phishing technology. To prevent [domain name spoofing](/content/domain-name-spoofing/), Phish Protection creates a customized list of domain names that could potentially be used to spoof your email and adds them to a blocked list so your employees never receive them.

To provide [phishing and **malware** protection](/products/malware-and-ransomware-protection/), Phish Protection scans all email attachments for threats including executable files and files with embedded macros and scripts. Suspicious attachments are quarantined so end users are never given the chance to open them.

Most spear **phishing attacks** begin with a malicious link embedded in an email. Phish Protection [protects against spear phishing](/content/spear-phishing-protection/) by checking all embedded email links. They are checked not only upon arrival, but every time they’re clicked.

![Preventing Bec 1](https://media.mailhop.org/phishprotection/images/2019/01/preventing-bec-1.png) 

### Enterprise-class email protection without the enterprise price

For flexible per-user pricing, PhishProtection’s integrated email security solution protects your employees from business email compromise (BEC) and many other email threats. 24×7\. On any device. With features you’d expect in more expensive solutions:

**All Plans Come With**

- Stops business email compromise (BEC)
- Stops brand forgery emails
- Stop threatening emails before they reach the inbox
- Continuous link checking
- Real-time website scanning
- Real time alerts to users and administrators
- Protection with settings you control
- Protection against zero day vulnerabilities
- Complete situational awareness from web-based console

### Join 7500+ Organizations that use Phish Protection

[ 60-Day Free Trial ](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection)

Phish Protection works with System Administrators, IT Professionals and IT Executives in thousands of companies worldwide. Sign up and protect your organization from phishing attacks in less than 5 minutes

![Sys Admin1](https://media.mailhop.org/phishprotection/images/2020/03/sys-admin1.jpg) ![Itprofessional1 E1585030432965](https://media.mailhop.org/phishprotection/images/2020/03/itprofessional1-e1585030432965.jpg) ![Directorofit1](https://media.mailhop.org/phishprotection/images/2020/03/directorofit1.jpg) 

## Protect your inbox from phishing attacks

Start your 60-day free trial - no credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"21","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/phish-protection/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"Article","headline":"Business Email Compromise","description":"Business Email Compromise: BEC, also known as CEO impersonation, is defined as \"a form of phishing attack where a cybercriminal impersonates an executive and.","url":"https://phishprotection.com/business-email-compromise/","dateModified":"2023-07-26T07:30:46.000Z","author":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection"},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/phishprotection-logo.png"},"description":"Enterprise-grade email security that protects businesses from phishing, ransomware, and email fraud with real-time threat detection and multi-layered protection.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://phishprotection.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897912","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Ransomware Protection","Business Email Compromise","Time of Click Protection","Advanced Threat Defense","Email Fraud Prevention","Phishing Awareness Training","Office 365 Email Security"]},"image":"https://media.mailhop.org/phishprotection/images/og-default.png"}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Business Email Compromise","item":"https://phishprotection.com/business-email-compromise/"}]}
```