Business Email Compromise: A Persistent Threat Demanding Smarter Defenses

June 12, 2025

Payment fraud is evolving—and Business Email Compromise (BEC) remains the most pervasive and costly tactic criminals use to exploit commercial organizations.

According to the 2025 AFP® Payments Fraud and Control Survey, 79% of businesses experienced payments fraud in 2024. Among those, BEC led the way—with a sharp rise in scams targeting ACH credits, surpassing wire transfers for the first time.

63% of respondents cite BEC as the number one avenue for fraud attempts.

What’s driving the increase?

The answer is twofold: more sophisticated tactics and broader attack surfaces. Fraudsters are now using AI-powered tools to craft convincing emails, hijack legitimate threads, and impersonate trusted vendors or executives. And with finance teams juggling increasing digital demands, a single click on a seemingly ordinary message can open the door to significant losses.

Fraudsters are evolving before our eyes- Vendor imposter fraud saw an 11% increase year over year- while third-party impersonation remained the most frequent type of BEC scam at 63%. This change is most likely due to organizations’ growing awareness of ‘classic’ BEC attempts 

What BEC Looks Like Today:

  • An email that appears to come from a known vendor requesting a change in payment instructions.
  • A spoofed executive message asking for urgent approval on a wire transfer.
  • A payroll diversion scheme where an employee’s bank details are fraudulently updated.
  • Lookalike domains or fake websites designed to fool even the most vigilant recipients.

118% increase in AI-generated phishing attempts

Payment Methods Utilized in Business Email Compromise

(Percent of Organizations Experiencing Payments Fraud)

Organizations that experience fraud pie chart

Why it matters to your business:

BEC scams don’t exploit technology—they exploit trust. And they often succeed not because of weak systems, but because of fast-paced decisions and overlooked red flags.

Six Smart Ways to Defend Against BEC:

  1. Always verify payment changes through a second channel. Call known contacts—not the number in the email.
  2. Use multi-factor authentication for payment platforms.
  3. Train your team to pause and question unusual requests—especially those marked urgent or confidential.
  4. Limit and monitor who can authorize and initiate payments.
  5. Keep employee and vendor contact records up to date—and audit them often.
  6. Adopt secure email solutions that include phishing and domain spoofing protection.

Conclusion

As BEC tactics evolve, organizations must remain vigilant and proactive in their defense strategies. By staying informed about emerging threats and implementing robust security measures, businesses can significantly reduce their risk of falling victim to BEC scams.

Reach out to your relationship team today to get help with assessing risk, implementing controls, and strengthening defenses across payment operations. Because when it comes to fraud, early action is your best protection.

Download the Article
Read About Business Email Fraud Prevention (PDF)
This article is for informational purposes only and is not intended as an offer or solicitation for the sale of any financial product or service. It is not designed or intended to provide financial, tax, legal, investment, accounting, or other professional advice since such advice always requires consideration of individual circumstances. Please consult with the professionals of your choice to discuss your situation.