How Does BEC Lead to Payment Fraud? And What Can Businesses Do About it?

by | Jun 19, 2025 | Cyber Risk, Partner

The blog below is written by one of our Cowbell Rx partners, SentinelOne. Learn More about how Cowbell and SentinelOne work together to deliver high-quality cybersecurity solutions to Cowbell policyholders. 

Business Email Compromise (BEC) leads to payment fraud through targeted deception, exploiting trust and communication channels within organizations. Here’s how it typically unfolds:


  1. Email Account Breach or Spoofing: Attackers gain access to a legitimate business email account (via phishing, malware, or stolen credentials) or create a spoofed email address mimicking a trusted employee, executive, or vendor. For example, a message that should come from “ceo@company.com” might instead be sent from the lookalike “ceo@compnay.com” to deceive recipients.
  2. Social Engineering and Reconnaissance: Using data from breached accounts, public records, or social media, attackers craft convincing messages. They study the organization’s workflows, vendor relationships, and employee roles to mimic communication styles and timing, making fraudulent requests seem legitimate.
  3. Fraudulent Payment Requests: Posing as a trusted party (e.g., CEO, CFO, or supplier), attackers send urgent requests to initiate payments or redirect funds. Common tactics include:
    1. Invoice Fraud: Sending fake invoices with altered bank details, claiming a vendor changed their payment account.
    2. Wire Transfer Scams: Impersonating an executive to instruct finance staff to wire funds for a “confidential” deal or urgent payment.
    3. Payroll Redirection: Tricking HR into updating an employee’s direct deposit details to the attacker’s account.
  4. Exploiting Trust and Urgency: Emails often emphasize urgency (“Pay this invoice today to avoid penalties”) or confidentiality (“Don’t discuss this transfer”) to bypass standard verification processes. Employees, trusting the sender’s identity, comply without scrutiny.
  5. Funds Transferred to Attacker-Controlled Accounts: Once the payment is made—often via wire transfer, ACH, or cryptocurrency—it’s sent to accounts controlled by the attacker, typically overseas or through money mules, making recovery difficult.
  6. Covering Tracks: Attackers may delete sent emails from compromised accounts, add inbox rules that auto-forward, delete, or file away replies so the real account owner never sees the conversation, or use one-time accounts to vanish after the fraud.
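The inbox-rule tampering in step 6 is one of the few BEC artifacts that survives in the victim's own mailbox, so it is worth checking for. The following is an added example, not code from the original post or from SentinelOne: it scores a mailbox's rules against the hallmarks of BEC persistence (external auto-forward, payment-related keywords combined with a hiding action, rarely read destination folders, blank rule names). The rule records are constructed for illustration; their field names only loosely resemble what a mailbox API such as Microsoft Graph's messageRule returns, and that schema is an assumption, not a real export.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Words attackers filter on to hijack a payment conversation
PAYMENT_WORDS = {"invoice", "payment", "wire", "bank", "ach", "remittance", "swift", "transfer"}
# Folders users rarely open, commonly used as a dumping ground for hidden mail
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history", "junk email", "archive"}


@dataclass
class InboxRule:
    """Simplified rule record (constructed shape, assumed to approximate a mailbox API)."""
    rule_id: str
    name: str
    subject_contains: List[str] = field(default_factory=list)
    from_contains: List[str] = field(default_factory=list)
    forward_to: List[str] = field(default_factory=list)
    move_to_folder: Optional[str] = None
    delete: bool = False
    mark_as_read: bool = False


def _words(texts: List[str]) -> set:
    """Tokenise condition strings into lower-case words (avoids 'ach' matching 'reach')."""
    return {w for t in texts for w in re.findall(r"[a-z]+", t.lower())}


def triage_rule(rule: InboxRule, internal_domains) -> Tuple[int, List[str]]:
    """Return (suspicion score, human-readable findings) for one rule."""
    score, findings = 0, []
    internal = {d.lower() for d in internal_domains}

    external = [a for a in rule.forward_to if a.rsplit("@", 1)[-1].lower() not in internal]
    if external:
        score += 3
        findings.append("forwards to external address(es): " + ", ".join(external))

    hits = _words(rule.subject_contains + rule.from_contains) & PAYMENT_WORDS
    if hits and (rule.delete or rule.move_to_folder or rule.forward_to):
        score += 3
        findings.append("diverts payment-related mail (" + ", ".join(sorted(hits)) + ")")

    if rule.delete:
        score += 1
        findings.append("deletes matching messages")
    if rule.move_to_folder and rule.move_to_folder.lower() in HIDING_FOLDERS:
        score += 2
        findings.append(f"moves mail to a rarely read folder: {rule.move_to_folder}")
    if rule.mark_as_read and (rule.delete or rule.move_to_folder):
        score += 1
        findings.append("marks as read before hiding, so no unread count gives it away")
    if len(rule.name.strip()) <= 1:
        score += 1
        findings.append("rule name is blank or a single character")
    return score, findings


def triage_mailbox(rules: List[InboxRule], internal_domains, threshold: int = 3) -> Dict[str, Tuple[int, List[str]]]:
    """Return only the rules whose score reaches the threshold, keyed by rule id."""
    flagged = {}
    for r in rules:
        score, findings = triage_rule(r, internal_domains)
        if score >= threshold:
            flagged[r.rule_id] = (score, findings)
    return flagged


# Constructed sample: one benign rule, two BEC-style rules, one harmless auto-read rule
INTERNAL_DOMAINS = {"company.example"}
SAMPLE_RULES = [
    InboxRule("r1", "Newsletters", subject_contains=["newsletter"], move_to_folder="Newsletters"),
    InboxRule("r2", ".", subject_contains=["invoice", "wire transfer"], from_contains=["bank"],
              move_to_folder="RSS Feeds", mark_as_read=True),
    InboxRule("r3", "Backup", forward_to=["acct.backup@gmail.example"], delete=True),
    InboxRule("r4", "Out of office", subject_contains=["ooo"], mark_as_read=True),
]

if __name__ == "__main__":
    for rule_id, (score, findings) in triage_mailbox(SAMPLE_RULES, INTERNAL_DOMAINS).items():
        print(rule_id, score)
        for f in findings:
            print("   -", f)
```

Run against a real export, the same logic works unchanged; the scoring weights are a starting point and should be tuned to the organisation's own benign rule population (for example, a legitimate forward to a ticketing system's external domain should be allow-listed rather than scored).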

Real-World Impact

  • Financial Losses: The FBI’s 2023 Internet Crime Report recorded more than $2.9 billion in reported BEC losses for 2023; a single incident can cost a business millions because wired funds are rarely recovered.
  • Common Targets: Small to medium businesses, real estate firms, and supply chain companies are frequent victims because they tend to have weaker payment-verification controls.
  • Sophistication: Advanced BEC attacks use AI-generated text to mimic a colleague’s writing style, or deepfake voice calls, to reinforce the email request.

Prevention Tips

  • Verify Requests: Always confirm new or changed payment details by phone or in person, using contact details already on file, never the phone number or address supplied in the email itself.
  • Multi-Factor Authentication (MFA): Require MFA on all email accounts so that a stolen password alone does not give an attacker access.
  • Training: Educate employees on recognizing phishing and BEC red flags, such as urgent, confidential, or unusual payment requests.
  • Segregation of Duties: Require multiple approvals for large payments and for any change to a vendor’s or employee’s bank details.
  • Email Filters: Deploy tools that flag lookalike sender domains, mismatched Reply-To addresses, and other suspicious email patterns.
  • Fraud Prevention Tools: Tools like Secure Insight’s TruePay help prevent wire fraud losses by slowing down employee actions when making electronic payments and requiring all payment instructions to be verified through an interface with banks that confirms account ownership and details. For as little as $1.38 per search, it is the most affordable outsourced solution available to businesses of all sizes.
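The “Email Filters” tip above, and the lookalike “ceo@compnay.com” address in step 1, both come down to a few header checks that can be scripted. The block below is an added example, not code from the original post or from SentinelOne or Cowbell: it screens a message’s From and Reply-To headers for a lookalike of a trusted domain (edit distance of one, including the transposition in “compnay”, after normalising common homoglyph substitutions such as “rn” for “m”), a Reply-To domain that differs from the From domain, and an executive’s display name paired with an address that is not the executive’s. The trusted domains, executive list, and sample headers are constructed for illustration.

```python
from email.utils import parseaddr
from typing import Dict, List, Optional

# Constructed allow-lists: domains the business legitimately pays or hears from,
# and executives whose names are worth impersonating.
TRUSTED_DOMAINS = {"company.com", "acmesupply.example"}
EXECUTIVES = {"jane doe": "jane.doe@company.com"}

# Character substitutions commonly used to build lookalike domains
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l"}


def normalize(domain: str) -> str:
    """Lower-case a domain and collapse homoglyph sequences to the letter they imitate."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def dl_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance: insert, delete, substitute, or swap adjacent."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[len(a)][len(b)]


def lookalike_of(domain: str) -> Optional[str]:
    """Return the trusted domain this sender domain imitates, or None if it is trusted or unrelated."""
    d = domain.lower()
    if d in TRUSTED_DOMAINS:
        return None
    nd = normalize(d)
    for trusted in TRUSTED_DOMAINS:
        if nd == normalize(trusted) or dl_distance(nd, normalize(trusted)) <= 1:
            return trusted
    return None


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def screen(headers: Dict[str, str]) -> List[str]:
    """Return a list of BEC impersonation findings for one message's headers (empty list = clean)."""
    findings = []
    name, addr = parseaddr(headers.get("From", ""))
    from_dom = _domain(addr)

    target = lookalike_of(from_dom)
    if target:
        findings.append(f"From domain {from_dom} looks like trusted domain {target}")

    reply_to = headers.get("Reply-To")
    if reply_to:
        _, raddr = parseaddr(reply_to)
        rdom = _domain(raddr)
        if rdom != from_dom:
            findings.append(f"Reply-To domain {rdom} differs from From domain {from_dom}")
            target = lookalike_of(rdom)
            if target:
                findings.append(f"Reply-To domain {rdom} looks like trusted domain {target}")

    exec_addr = EXECUTIVES.get(name.strip().lower())
    if exec_addr and addr.lower() != exec_addr:
        findings.append(f"display name '{name}' matches an executive but address is {addr}")
    return findings


# Constructed sample headers: a clean message, a transposed-letter lookalike,
# a vendor thread whose Reply-To swaps "m" for "rn", and a free-mail executive impersonation.
SAMPLE_MESSAGES = [
    {"From": "Jane Doe <jane.doe@company.com>"},
    {"From": "Jane Doe <jane.doe@compnay.com>", "Reply-To": "Jane Doe <jane.doe@compnay.com>"},
    {"From": "Acme Supply Billing <billing@acmesupply.example>", "Reply-To": "billing@acrnesupply.example"},
    {"From": "Jane Doe <jd.ceo.personal@gmail.example>"},
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(msg["From"], "->", screen(msg) or "clean")
```

This is a screening heuristic, not a verdict: legitimate mail from a vendor's new domain will trip the lookalike check, which is exactly when the out-of-band phone verification in the first tip should happen. Pair it with SPF/DKIM/DMARC enforcement, which catches exact-domain spoofing that no string comparison can see.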
