Business email compromise (BEC), also known as ‘CEO fraud,’ is one of the most expensive forms of cyberattack, yet companies continue to overlook it as a significant and active threat to their bottom lines.
Traditionally, BEC is defined as a sophisticated form of phishing in which a criminal takes over the email account of a high-ranking executive and uses it to conduct social engineering attacks on other employees. The ultimate goal is to steal money, often through fraudulent wire transfers.
While ransomware receives the lion’s share of attention, BEC-related theft can be just as expensive as a ransomware demand, if not more so.
According to IBM’s Cost of a Data Breach Report 2022, ‘BEC and phishing attacks led to the highest average breach costs, about $4.9 million per incident.’ The FBI reports that BEC scams have cost businesses over $43 billion globally since 2016, making it one of the most costly forms of attack used by cybercriminals.
Recently, a growing number of BEC-style attacks have been moving to communication platforms other than email, such as SMS, messaging apps, social media and collaboration platforms like Slack. Some hackers are even combining deepfakes with BEC tactics on video conferencing platforms.