Security Glossary

What is Business Email Compromise?

Business email compromise (BEC) is a fraud in which an attacker poses as someone the victim already trusts, most often a senior executive such as the CEO or CFO, to trick an employee into wiring money or handing over sensitive data. The same playbook is used to impersonate suppliers (fake invoices with new bank details) and staff (payroll diversion). These attacks often involve no malware at all: their core is convincing the recipient that a fraudulent request genuinely comes from the boss, which is why they slip past controls built to catch malicious attachments. The FBI's Internet Crime Complaint Center (IC3) has tallied more than $50 billion in reported BEC losses worldwide (actual and attempted, 2013 through 2022).

How a Business Email Compromise Attack Works

1. Study the organization's hierarchy

Attackers map out who reports to whom, who handles finances, and what the approval process looks like, all from public sources: LinkedIn, the company website, and SEC filings.

2. Compromise or spoof an executive's email

They either break into the executive's real mailbox (typically with phished or reused credentials, then add an inbox rule that hides the victim's replies) or register a nearly identical domain (like sittadel.co instead of sittadel.com) to send messages that appear genuine. If the target's domain has no enforcing DMARC policy, they can skip the lookalike and forge the real address in the From header.

3. Send an urgent financial request

The fake executive emails the finance team with an urgent, confidential wire transfer request, often timed to coincide with travel or a board meeting when the real executive is unreachable. The urgency and secrecy are the point: they pressure the recipient to skip the normal approval steps and the callback that would expose the fraud.

4. Collect and disappear

The wired funds land in a mule account and are quickly moved through several more, often converted to cryptocurrency along the way. Recovery depends on speed: the receiving bank can sometimes recall the wire, and the FBI's IC3 can try to freeze funds on international wires, but only if the fraud is reported within roughly 72 hours. After that the money is usually gone.
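The pattern in steps 2 and 3 leaves tells in the message headers that a mail gateway can score before a human ever reads the request. The following is an added example, not code from this page or from AiVERSARY: it assumes the protected organization owns example.com, a short list of executive display names, and five constructed messages, and flags an executive's name on an outside mailbox, a lookalike sender domain (TLD swap, homoglyph, or one-character typo), a Reply-To that diverts replies elsewhere, and urgency language.

```python
from __future__ import annotations

import re
from email.utils import parseaddr

# Assumptions for this example: the organization owns example.com, and these are the
# display names of the executives most likely to be impersonated (constructed data).
OUR_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
URGENCY_RE = re.compile(r"\b(urgent|asap|today|confidential|wire|transfer|payment)\b", re.I)


def normalize(label: str) -> str:
    """Fold common homoglyph swaps so examp1e and exarnple compare equal to example."""
    for bad, good in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e")):
        label = label.replace(bad, good)
    return label


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; inputs are short so the full table is cheap."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Keep the last two labels (mail.example.com -> example.com); enough for this example."""
    return ".".join(domain.lower().split(".")[-2:])


def is_lookalike(domain: str) -> bool:
    """True when the domain is not ours but is built to be mistaken for it."""
    d = registrable(domain)
    if d == OUR_DOMAIN:
        return False
    our_label = OUR_DOMAIN.rsplit(".", 1)[0]
    label = d.rsplit(".", 1)[0]
    if normalize(label) == our_label:      # TLD swap (example.co) or homoglyph (examp1e.com)
        return True
    # One insertion, deletion or substitution anywhere in the name (exmple.com, exampple.com);
    # use Damerau-Levenshtein if transpositions (exampel.com) should count as one edit too.
    return levenshtein(normalize(d), OUR_DOMAIN) <= 1


def triage(msg: dict) -> list[str]:
    """Return the BEC indicators found in one message (a dict of header/body strings)."""
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    internal = from_domain != "" and registrable(from_domain) == OUR_DOMAIN

    if name.strip().lower() in EXECUTIVES and not internal:
        flags.append("exec-name-external")   # an executive's name on an outside mailbox
    if from_domain and is_lookalike(from_domain):
        flags.append("lookalike-domain")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rsplit("@", 1)[-1].lower() != from_domain:
        flags.append("reply-to-mismatch")    # replies silently diverted to the attacker
    if URGENCY_RE.search(msg.get("Subject", "") + " " + msg.get("Body", "")):
        flags.append("urgency-language")
    return flags


SAMPLE_MESSAGES = [  # constructed for this example; none of these are real mail
    {"From": "Jane Doe <jane.doe@example.com>", "Subject": "Q3 numbers",
     "Body": "Attached are the draft figures for review."},
    {"From": "Jane Doe <jane.doe@gmail.com>", "Subject": "Urgent",
     "Body": "I am in a meeting, need a wire sent today. Keep this confidential."},
    {"From": "John Smith <john.smith@examp1e.com>", "Subject": "Acquisition payment",
     "Body": "Please process the transfer before close of business."},
    {"From": "Accounts Payable <ap@example.co>", "Reply-To": "ap@example.co",
     "Subject": "Updated bank details", "Body": "Use the new account for the next payment."},
    {"From": "John Smith <john.smith@example.com>", "Reply-To": "john.smith.ceo@outlook.com",
     "Subject": "Quick question", "Body": "Are you at your desk? Need a favour."},
]


def triage_all(messages=SAMPLE_MESSAGES) -> list[list[str]]:
    return [triage(m) for m in messages]


if __name__ == "__main__":
    for msg, flags in zip(SAMPLE_MESSAGES, triage_all()):
        print(f"{msg['From']:45} {flags or 'clean'}")
```

In practice these indicators feed a score rather than an outright block, and a real gateway would also read the Authentication-Results header for SPF, DKIM and DMARC results: that is what catches a forged From on the genuine domain, which the last sample (a compromised or spoofed internal address with an external Reply-To) shows the header checks alone cannot see.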

Real-World Example

A manufacturing company's controller received an email from what appeared to be the CEO requesting an urgent $800,000 wire transfer for a "confidential acquisition." The email came from a domain one letter different from the real one. The attacker knew the CEO was traveling internationally that week — information posted on the company's social media.

How AiVERSARY Detects Business Email Compromise Risk

AiVERSARY's reports map your organization's publicly visible hierarchy and identify which executives and financial staff are most exposed to impersonation. The report also scans for lookalike domains already registered by potential attackers and flags gaps in your email authentication (SPF, DKIM, DMARC) that make spoofing easier.
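The email-authentication gaps mentioned above are visible in a domain's public DNS, so anyone (attacker or defender) can check them. The following is an added example, not AiVERSARY's tooling: it evaluates the SPF, DMARC and DKIM TXT records of two constructed zones, weak.example and strong.example (the domains and records are assumptions). A live check would fetch the same names with a DNS resolver such as dnspython; the logic is the same.

```python
from __future__ import annotations

# Constructed zone tables standing in for DNS TXT lookups; the domains and records are
# assumptions for this example. A live check would fetch the same names with a resolver.
WEAK_ZONE = {
    "weak.example": ["v=spf1 include:_spf.google.com +all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; rua=mailto:dmarc@weak.example"],
}
STRONG_ZONE = {
    "strong.example": ["v=spf1 include:_spf.google.com -all"],
    "_dmarc.strong.example": ["v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@strong.example"],
    "selector1._domainkey.strong.example": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A..."],
}
COMMON_SELECTORS = ("selector1", "selector2", "google", "k1", "default")  # guesses; selectors are not enumerable
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")        # count toward SPF's 10-lookup limit


def txt(zone: dict, name: str) -> list[str]:
    return zone.get(name.lower(), [])


def parse_tags(record: str) -> dict[str, str]:
    """'v=DMARC1; p=none' -> {'v': 'DMARC1', 'p': 'none'}; tag names are case-insensitive."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_spf(domain: str, zone: dict) -> list[str]:
    records = [r for r in txt(zone, domain) if r.lower().startswith("v=spf1")]
    if not records:
        return ["SPF: no record, so receivers cannot reject a forged envelope sender"]
    findings = []
    if len(records) > 1:
        findings.append("SPF: more than one v=spf1 record; RFC 7208 treats that as a permanent error")
    terms = records[0].split()[1:]
    all_term = next((t for t in terms if t.lstrip("+-~?").lower() == "all"), None)
    qualifier = all_term[0] if all_term and all_term[0] in "+-~?" else "+"   # bare 'all' means '+all'
    if all_term is None:
        findings.append("SPF: no 'all' term; senders not listed get a neutral result")
    elif qualifier == "+":
        findings.append("SPF: '+all' authorizes every host on the internet to send as this domain")
    elif qualifier == "?":
        findings.append("SPF: '?all' is neutral, which is the same as having no policy")
    elif qualifier == "~":
        findings.append("SPF: '~all' is softfail; acceptable under an enforcing DMARC policy, weak alone")
    lookups = sum(1 for t in terms if t.lstrip("+-~?").split(":")[0].split("=")[0].lower() in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS-lookup mechanisms exceed the limit of 10 (permerror)")
    return findings


def assess_dmarc(domain: str, zone: dict) -> list[str]:
    records = [r for r in txt(zone, "_dmarc." + domain) if r.lower().startswith("v=dmarc1")]
    if not records:
        return ["DMARC: no record, so SPF/DKIM results are never enforced on the From: domain"]
    tags = parse_tags(records[0])
    policy = tags.get("p", "").lower()
    findings = []
    if policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: missing or invalid policy {policy!r}")
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        findings.append("DMARC: sp=none leaves every subdomain spoofable")
    if int(tags.get("pct", "100")) < 100:
        findings.append(f"DMARC: pct={tags['pct']} applies the policy to only that share of failing mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so nobody sees the aggregate reports that reveal spoofing")
    return findings


def assess_dkim(domain: str, zone: dict) -> list[str]:
    for selector in COMMON_SELECTORS:
        if any("p=" in r for r in txt(zone, f"{selector}._domainkey.{domain}")):
            return []
    return ["DKIM: no key under the common selectors; confirm the real selector with the mail provider"]


def assess(domain: str, zone: dict) -> list[str]:
    """All findings for a domain; an empty list means nothing obvious for a spoofer to exploit."""
    return assess_spf(domain, zone) + assess_dmarc(domain, zone) + assess_dkim(domain, zone)


if __name__ == "__main__":
    for domain, zone in (("weak.example", WEAK_ZONE), ("strong.example", STRONG_ZONE)):
        print(domain, assess(domain, zone) or ["no findings"])
```

The check that matters most for BEC is the DMARC policy: SPF and DKIM on their own only produce a result, and it is p=quarantine or p=reject that tells receiving servers to act on a forged From address. The DKIM check is necessarily a guess, since selectors are chosen by the sending provider and cannot be listed from DNS.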

Is your organization exposed to business email compromise?

AiVERSARY scans your public footprint and identifies the exact data attackers would use against you. $499 per report.


Related Terms

Spear Phishing

Spear phishing is a targeted email attack where criminals research a specific person and craft a message designed just for them. Unlike mass spam, these emails reference real details about your job, your colleagues, or recent company events to appear legitimate. It remains one of the most common ways attackers gain their first foothold in an organization.

Whaling

Whaling is a form of phishing that specifically targets senior executives — the "big fish" in an organization. These attacks are highly personalized, well-researched, and designed to exploit the authority and access that come with leadership positions. Because executives can authorize large transactions, access sensitive data, and override security procedures, a single successful whaling attack can have catastrophic consequences.

Social Engineering

Social engineering is the practice of manipulating people into giving up confidential information or taking actions that compromise security. Instead of breaking through firewalls and encryption, attackers exploit trust, authority, urgency, and helpfulness: basic human instincts that no software patch can fix. It plays a part in a large share of major breaches.

Pretexting

Pretexting is when an attacker creates a fabricated scenario — a "pretext" — to trick someone into sharing information or performing an action they normally wouldn't. Think of it as method acting for criminals: they invent a believable character and situation, then play that role convincingly enough to bypass your team's natural skepticism. The quality of the pretext depends entirely on how much real information the attacker can gather beforehand.