In plain English
BEC is one of the most financially damaging forms of cyber crime. Attackers either compromise a legitimate email account or create a convincing lookalike address and use it to request urgent wire transfers, change payment account details on invoices, or redirect employee payroll. Australian businesses lose hundreds of millions of dollars to BEC each year.
Full definition
BEC attacks often begin with the compromise of an executive's email account. The attacker then monitors the account silently for weeks, learning about upcoming transactions, supplier relationships, and internal processes before striking.
Common BEC scenarios include: CEO/CFO fraud (fake executive requesting urgent transfer), supplier impersonation (changing bank details on a legitimate invoice), payroll diversion (requesting HR to update direct deposit details), and attorney impersonation (fake legal pressure to transfer funds quickly).
Prevention measures include: email authentication controls that prevent domain spoofing, email security policies that flag external messages whose display name matches an internal user, callback verification procedures for any change to payment details, and regular BEC awareness training for finance staff.
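One way to implement the "external display-name match" policy and the lookalike-address check from the measures above, as an added example that is not part of the original page: an inbound message is flagged when its From display name matches a name in the internal directory but the sending domain is not the organisation's own, or when the sending domain is within a small edit distance of the organisation's domain. The organisation domain, employee directory and message headers are constructed for the example.

```python
"""Flag inbound mail whose display name impersonates an internal user, or whose
sending domain is a lookalike of the organisation's domain.
Added example; domains, directory entries and headers below are constructed."""
import re
import unicodedata
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example-corp.com"}  # assumed organisation domain(s)
INTERNAL_DIRECTORY = {                     # constructed employee directory
    "Jane Smith": "jane.smith@example-corp.com",
    "Raj Patel": "raj.patel@example-corp.com",
}
LOOKALIKE_MAX_DISTANCE = 2  # assumed threshold for "close enough to be confusable"


def normalise(name: str) -> str:
    """Strip accents and punctuation, casefold and collapse whitespace so that
    'Jáne  Smith!' compares equal to 'Jane Smith'."""
    decomposed = unicodedata.normalize("NFKD", name)
    ascii_only = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    cleaned = re.sub(r"[^a-z0-9 ]", " ", ascii_only.casefold())
    return " ".join(cleaned.split())


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(addr: str) -> str:
    """Domain part of an address, lower-cased."""
    return addr.rpartition("@")[2].casefold()


def assess(from_header: str) -> list:
    """Return a list of findings for one message's From header.
    Mail that genuinely comes from an internal domain is never flagged here;
    authentication of that mail is the job of the email authentication controls."""
    findings = []
    display, addr = parseaddr(from_header)
    domain = sender_domain(addr)
    if domain in INTERNAL_DOMAINS:
        return findings

    # External sender using the name of a known internal employee.
    directory = {normalise(n): n for n in INTERNAL_DIRECTORY}
    norm = normalise(display)
    if norm and norm in directory:
        findings.append(
            f"display name '{display}' matches internal user {directory[norm]} "
            f"but sender domain '{domain}' is external"
        )

    # Sending domain a few edits away from the organisation's own domain.
    for internal in INTERNAL_DOMAINS:
        if levenshtein(domain, internal) <= LOOKALIKE_MAX_DISTANCE:
            findings.append(f"sender domain '{domain}' is a lookalike of '{internal}'")
    return findings


if __name__ == "__main__":
    # Constructed sample headers: one genuine, two impersonation attempts, one benign external.
    samples = [
        '"Jane Smith" <jane.smith@example-corp.com>',
        '"jane smith" <ceo.office@webmail.example>',
        '"Jane Smith" <jane.smith@examp1e-corp.com>',
        '"Bob Jones" <bob@partner.example>',
    ]
    for header in samples:
        print(header, "->", assess(header) or "no findings")
```

Matches found by `assess` are a trigger for the callback verification step, not a verdict on their own: a flagged message should be routed to a quarantine or banner policy, and any payment instruction it carries confirmed through a known phone number before action.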
