Business Email Compromise (BEC) is one of the most financially damaging cyber threats facing organizations today. These attacks involve fraudsters impersonating trusted contacts, such as executives, suppliers, or internal staff, to trick employees into sending payments or confidential information.
BEC scams have become increasingly sophisticated, often slipping past traditional email security filters and targeting finance and accounts payable teams. As outlined in our guide to protecting your business from BEC attacks, the financial and reputational risks can be significant.
To help you stay informed and proactive, here are the key statistics that illustrate the scale and impact of BEC worldwide.
It accounted for the majority of total cyber-enabled financial losses.
It’s projected to grow at a CAGR of 22.4% through 2030.
This growth is driven by increasing demand for prevention tools.
Reflecting significant growth in the region.
BEC has become a staple method in email-based fraud.
Reflecting the growing sophistication of cyberattacks.
BEC was a frequent method used to exploit business email.
Scammers are increasingly infiltrating real email threads.
Attackers commonly use services like Gmail to spoof identities.
Indicating a short-term surge in attack frequency.
This makes it the second-costliest type of cybercrime reported.
This underscores the financial burden on insured organizations.
Healthcare was the hardest-hit industry by average cost.
For large businesses, disruption costs exceeded $26 million.
This reflects the scale of damage from individual scams.
This reflects the common payout target per incident.
This figure comes from law enforcement and financial institution reports worldwide.
This marks a continued year-over-year increase.
This figure includes both domestic and international incidents.
These include cases in business, government, healthcare, and education.
Business Email Compromise, or BEC, is a cybercrime where attackers impersonate someone trusted, like a company executive or vendor, to trick employees into sending money or confidential information. It usually happens over email and can be hard to detect.
Phishing often involves mass emails with generic messages. BEC is much more targeted. Attackers research their victims, monitor conversations, and sometimes gain access to real email accounts to make their messages appear legitimate.
Employees responsible for payments or sensitive communications are common targets. This includes finance teams, executives, and anyone who works with external vendors. Smaller businesses can be especially vulnerable if they don’t have strong security practices in place.
Red flags include urgent payment requests, last-minute changes to banking details, unusual timing (such as emails sent after hours), or email addresses that are slightly altered. The tone of the message may also feel out of place, even if the sender appears familiar.
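The red flags above can be turned into a simple triage check. The following is an added example, not Eftsure's code or part of the original page: the trusted-domain list, keyword patterns, working hours and sample messages are all constructed assumptions, and a hit is a prompt for out-of-band verification, not a verdict.

```python
import re
from datetime import datetime

# Assumed allow-list of domains the organisation really trades with (constructed).
KNOWN_DOMAINS = {"northwind.example", "contoso.example"}
URGENCY = re.compile(r"\b(urgent|immediately|asap|today|right away)\b", re.I)
BANK_CHANGE = re.compile(
    r"\b(new|updated|changed?)\b.{0,40}\b(bank|account|iban|routing|bsb)\b", re.I | re.S)

def edit_distance(a, b):
    """Levenshtein distance, used to spot domains one or two edits from a trusted one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(sender, subject, body, sent_at, workday=(8, 18)):
    """Return the red flags found in one message, in a fixed order."""
    flags = []
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain not in KNOWN_DOMAINS:
        # Slightly altered address: close to, but not equal to, a trusted domain.
        near = sorted(d for d in KNOWN_DOMAINS if 0 < edit_distance(domain, d) <= 2)
        if near:
            flags.append(f"lookalike-domain:{near[0]}")
    text = f"{subject}\n{body}"
    if URGENCY.search(text):
        flags.append("urgent-request")
    if BANK_CHANGE.search(text):
        flags.append("bank-detail-change")
    # Unusual timing: weekend, or outside the assumed 08:00-18:00 working day.
    if sent_at.weekday() >= 5 or not workday[0] <= sent_at.hour < workday[1]:
        flags.append("unusual-timing")
    return flags

# Constructed sample messages: (sender, subject, body, sent_at).
SUSPICIOUS = ("ap@northwlnd.example", "Urgent: updated bank details",
              "Please use our new account for this invoice.",
              datetime(2024, 3, 9, 23, 15))   # Saturday, late evening
CLEAN = ("ap@northwind.example", "Invoice 1042",
         "Attached is the invoice for March, payment terms unchanged.",
         datetime(2024, 3, 12, 10, 30))       # Tuesday, mid-morning

if __name__ == "__main__":
    for msg in (SUSPICIOUS, CLEAN):
        print(msg[0], red_flags(*msg))
```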
Always verify changes to payment information through a separate communication method, like a phone call. Train employees to recognize suspicious behavior, and implement email security tools such as SPF, DKIM, and DMARC. Introducing multi-step approval for financial transactions also adds protection.
Respond immediately. Contact your bank to attempt to stop or reverse the payment. Report the incident to the appropriate cybercrime authority. In the United States, that would be the FBI’s Internet Crime Complaint Center (IC3). Acting quickly increases the chance of recovering funds.
Because they rely on trust. The emails often use real names, reference actual business processes, and appear to come from legitimate sources. This makes them difficult to detect, especially when they don’t contain typical scam indicators.
Eftsure provides continuous control monitoring to protect your EFT payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.