Breaking the Chain of Trust: Defeating Business Email Compromise (BEC)
For security awareness professionals, Business Email Compromise (BEC) remains one of the most persistent and expensive threats in the landscape. Unlike a generic phishing blast, BEC is a surgical strike that exploits the very thing we try to build: trust and authority. By impersonating executives or trusted vendors, attackers bypass traditional filters to trick employees into making fraudulent payments or sharing sensitive data.
With the advent of AI and deepfakes, these impersonations have become incredibly convincing. Our role is to move beyond “don’t click links” and teach employees how to audit the context and process of every high-stakes request.
Guidance to Encourage in Your Training Programs
To harden your organization against BEC, your next training module or internal alert should prioritize these specific behavioral defenses:
- The “Secondary Channel” Mandate: This is the single most important rule. Any request to change payment instructions or wire funds to a new account must be verified through a secondary form of communication. Instruct employees to call a known, trusted number—not the one provided in the suspicious email.
- The “Visual Audit” for Look-Alike Domains: Scammers often use “typosquatting” to deceive the eye (e.g., using “rn” instead of “m” in a domain name). Teach your team to hover over the sender’s address and inspect the full domain name, including the top-level domain, for these subtle variations.
- Identify the “Email Only” Excuse: A common red flag in BEC is the sender claiming they are “traveling” or “in a meeting” and can only be reached via email. Advise your staff that this is a classic tactic used to prevent them from calling to verify the request.
- Scrutinize High-Pressure Urgency: Attackers rely on a manufactured crisis to short-circuit critical thinking. If an email from the “CEO” demands an immediate, confidential transaction, it should be treated as high-risk by default.
- Double-Check the “Two-Phase” Scam: Warn employees that sophisticated scammers may first change the contact information for a vendor and then, days later, change the payment info. Being diligent about every change—even seemingly minor ones—is vital.
- Foster an “Open Door” Reporting Culture: Encourage employees to flag “weird” requests immediately to IT or Security. Ensure they know that it is better to delay a transaction for verification than to rush a fraudulent payment.
By integrating these strategies, you help your team recognize that authority is no substitute for verification.
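Two of the checks above, the visual audit for look-alike domains and the two-phase vendor-change pattern, can also be enforced automatically on the mail-security or accounts-payable side rather than left to the eye alone. The Python below is an added example written for this article, not code from the original post or any product it mentions; the trusted domains, sender addresses, vendor change log and the 14-day correlation window are constructed placeholders you would replace with your own vendor master data.

```python
"""Screening helpers for two BEC red flags: look-alike sender domains and a
bank-account change that follows a contact-detail change for the same vendor.
All sample data below is constructed for illustration."""
from datetime import date

# Character sequences that fool the eye; both sides are normalized before comparison.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]

# Constructed placeholders: domains your organization actually trusts.
TRUSTED_DOMAINS = {"acmesupply.example", "northwind.example"}


def normalize(domain):
    """Collapse visually confusable sequences so 'acrne' and 'acme' compare equal."""
    d = domain.lower().strip()
    for look_alike, real in CONFUSABLES:
        d = d.replace(look_alike, real)
    return d


def edit_distance(a, b):
    """Plain Levenshtein distance; one off-by-one character is a classic typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address):
    """Return the domain part of an e-mail address, lower-cased."""
    return address.rsplit("@", 1)[-1].lower()


def classify_sender_domain(domain, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'look-alike:<trusted domain it imitates>' or 'unknown'.

    A domain is a look-alike when it equals a trusted domain after confusable
    normalization, or is within one edit of it, but is not an exact match.
    """
    d = domain.lower()
    if d in trusted:
        return "trusted"
    for t in sorted(trusted):
        if normalize(d) == normalize(t) or edit_distance(d, t) <= 1:
            return f"look-alike:{t}"
    return "unknown"


# Constructed vendor-master change log: (vendor, date of change, field changed).
VENDOR_CHANGES = [
    ("Acme Supply", date(2024, 3, 1), "email"),
    ("Acme Supply", date(2024, 3, 6), "bank_account"),   # 5 days after the e-mail change
    ("Northwind", date(2024, 1, 10), "bank_account"),    # no preceding contact change
    ("Northwind", date(2024, 2, 20), "phone"),
    ("Northwind", date(2024, 5, 1), "bank_account"),     # 71 days later, outside the window
]

CONTACT_FIELDS = {"email", "phone"}


def two_phase_alerts(changes, window_days=14):
    """Flag every bank-account change preceded, within window_days, by a change
    to the same vendor's contact details (the two-phase pattern)."""
    by_vendor = {}
    for vendor, when, field in changes:
        by_vendor.setdefault(vendor, []).append((when, field))
    alerts = []
    for vendor, events in by_vendor.items():
        events.sort()
        for when, field in events:
            if field != "bank_account":
                continue
            preceded = any(
                f in CONTACT_FIELDS and 0 <= (when - w).days <= window_days
                for w, f in events
            )
            if preceded:
                alerts.append((vendor, when))
    return alerts


if __name__ == "__main__":
    # Constructed sender addresses: one genuine, two look-alikes, one unrelated.
    for addr in ["ap@acmesupply.example", "ap@acrnesupply.example",
                 "cfo@northwlnd.example", "sales@randomshop.example"]:
        print(f"{addr:28} -> {classify_sender_domain(sender_domain(addr))}")
    for vendor, when in two_phase_alerts(VENDOR_CHANGES):
        print(f"two-phase pattern: {vendor} bank account changed {when}, "
              f"contact details changed within the prior 14 days")
```

The confusable table is deliberately small; the point is that the comparison runs on a normalized string, so a sender using “rn” for “m” lands on the trusted domain and is reported as a look-alike rather than as an unknown third party. The two-phase check keys only on the vendor record, which is exactly what the email-based social engineering is trying to get changed, so it fires regardless of how convincing the accompanying message was.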