Business Email Compromise (BEC)
Also known as: BEC, CEO fraud, invoice fraud, payment redirect scam
BEC is a scam where criminals use email impersonation to trick your staff or customers into sending money or changing bank details — and tightening your domain's email settings shuts down a key way they pull it off.
What it is
Business Email Compromise is a scam built around trust in email. A criminal impersonates someone the target trusts — the owner, the finance person, a known supplier — and uses that disguise to get money moved or bank details changed. There’s no smash-and-grab; it relies on a convincing message arriving at the right moment.
Common forms: a fake “urgent payment” request that looks like it’s from the boss, or a fake invoice “from a supplier” with new bank details that quietly belong to the criminal.
Why it matters to your business
BEC is one of the costliest scams there is, precisely because it targets normal business behaviour: people paying invoices and following instructions from their boss. A single successful attempt can divert a real payment straight to a criminal, and the money is often gone for good.
It hits small and medium businesses hard — you have real money flowing, but usually no large security team double-checking every request. When the email genuinely appears to come from your own domain, even careful staff get caught.
How to tell / what to do
You can’t switch off greed, but you can remove one of the criminal’s best tools: the ability to send email that genuinely looks like it comes from your domain. Locking down DMARC (policy set to reject), together with SPF and DKIM, stops attackers from spoofing your exact address. Pair that with a simple rule: verify any payment request or bank-detail change by phone, using a number you already have on file. Checking your domain is free, and so are the email fixes. Start with the DMARC fix guide.
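As an added example that is not part of this glossary page: a small Python script that reads SPF and DMARC records the way a receiving mail server does and reports whether they are actually locked down (SPF ending in -all, DMARC p=reject applied to all mail). The record strings and domain names in it are constructed placeholders.

```python
# Added example, not Defaults.Exposed code: parse SPF/DMARC TXT records and
# report whether they enforce. Sample records are constructed placeholders.

def parse_dmarc_tags(record: str) -> dict:
    """Split a 'tag=value; tag=value' DMARC record into a dict of lower-cased tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def spf_enforcing(record: str) -> bool:
    """SPF only hard-fails forged senders when it ends in '-all'; '~all' or '?all' lets spoofed mail through."""
    terms = record.split()
    return len(terms) > 1 and terms[0].lower() == "v=spf1" and terms[-1].lower() == "-all"

def check_dmarc(record: str) -> tuple:
    """Return (policy, enforcing, notes). Enforcing means p=reject applied to
    100% of mail; the subdomain policy sp defaults to p when absent."""
    tags = parse_dmarc_tags(record)
    if tags.get("v") != "DMARC1":
        return ("missing", False, ["no valid DMARC record (v=DMARC1 tag absent)"])
    policy = tags.get("p", "none").lower()
    pct = int(tags.get("pct", "100"))
    sub_policy = tags.get("sp", policy).lower()
    notes = []
    if policy != "reject":
        notes.append(f"p={policy}: receivers are told not to reject spoofed mail")
    if pct < 100:
        notes.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if sub_policy != "reject":
        notes.append(f"sp={sub_policy}: subdomains can still be spoofed")
    return (policy, policy == "reject" and pct == 100, notes)

def assess(spf_record: str, dmarc_record: str) -> dict:
    """Combine both checks into one verdict a non-specialist can read."""
    policy, dmarc_ok, notes = check_dmarc(dmarc_record)
    spf_ok = spf_enforcing(spf_record)
    if not spf_ok:
        notes.append("SPF does not end in -all: forged senders only softfail")
    return {"spf_enforcing": spf_ok, "dmarc_policy": policy, "dmarc_enforcing": dmarc_ok,
            "locked_down": spf_ok and dmarc_ok, "notes": notes}

# Constructed samples: the first pair is a common default state, the second the target state.
WEAK_SPF = "v=spf1 include:_spf.example.net ~all"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRONG_SPF = "v=spf1 include:_spf.example.net -all"
STRONG_DMARC = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com"
```

Run `assess(WEAK_SPF, WEAK_DMARC)` and `assess(STRONG_SPF, STRONG_DMARC)` to see the two verdicts side by side; swap in your own domain's TXT records to check them the same way.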