← All glossary terms Glossary

What is Business Email Compromise (BEC)?

A scam where attackers take over or impersonate a business email account to redirect payments or steal sensitive information.

Business Email Compromise (BEC) is one of the most financially damaging categories of cybercrime — and it usually does not involve malware. The pattern: an attacker steals or impersonates a legitimate email account (often through phishing or MFA bypass), studies the inbox, then inserts themselves into a real financial conversation — changing wire instructions, redirecting invoices, or requesting urgent transfers. Detection requires monitoring inbox-rule changes, suspicious sign-ins, and the conversational patterns that indicate an attacker has taken over a mailbox.

Keep learning

Related terms

Managed Security Services Provider (MSSP)

A company that delivers ongoing security operations — monitoring, detection, response, advisory — as a service.

Read definition →

Managed Detection and Response (MDR)

A security service that combines continuous monitoring, threat investigation, and hands-on response into a single managed outcome.

Read definition →

Endpoint Detection and Response (EDR)

Security software on laptops, servers, and workstations that detects and stops attacks attackers run on the device itself.

Read definition →

Extended Detection and Response (XDR)

Detection and response across multiple security data sources — endpoints, email, identity, cloud — combined into one platform.

Read definition →

Want to talk through how this fits your environment?

Book a no-obligation consultation and we'll explain how this plays out for an organization like yours.

Talk to our team