Business email compromise (BEC) scams
Business email compromise uses impersonated executives or vendors to redirect payments and wires to attacker accounts.
Quick answer: Urgent, secret payment or 'changed bank details' requests must be verified through a known channel.
How business email compromise (bec) scams work
An email (or deepfaked call) appears to come from a CEO or supplier requesting an urgent, confidential payment.
Vendor 'bank detail change' requests redirect legitimate payments to the attacker.
Authority, urgency, and secrecy are used to bypass normal approval checks.
Common opening lines
- “Process an urgent confidential wire before end of day - keep it between us.”
- “Our bank details have changed; send the payment to the new account.”
- “I'm in a meeting - handle this payment now.”
Example patterns
Sanitised examples - placeholders only, never real links or data.
Example only: This is the CEO. Process an urgent confidential wire to this account before end of day.
Example only: Vendor bank details changed; send the wire to the new account.
What the scammer wants
- A wire/payment to attacker accounts
- Redirected vendor payments
- Secrecy to avoid approval checks
Where it spreads
Platforms: Email, Video call
Watch especially in: United States, United Kingdom
Red flags
- fake authority
- urgency
- payment request
- sender mismatch
What to do now
- Stop paying and keep the deal/communication on official channels.
- If money moved, contact your bank or payment provider immediately.
- Save evidence and report to your national cybercrime authority.
What not to do
- Don't pay a fee to receive money, a refund, a prize, or to 'release' funds.
- Don't pay via gift cards, wire, or crypto to someone you haven't verified.
- Don't trust payment screenshots as proof of payment.
If you already responded
If you went further: if you clicked, don't enter anything and change any details you typed; if you entered card details, freeze the card with your bank; if you shared an OTP, change the password and enable app-based 2FA; if you paid, contact your bank or provider immediately; if you installed an app or gave remote access, disconnect, uninstall, and change passwords from a clean device.
How to verify safely
Confirm any payment or bank-detail change via a known internal contact and your normal approval process - never reply-to the email alone.
How to report
Report through official channels you find yourself - never a number or link from the message. Tell your bank or payment provider if money moved, and file with your national fraud or cybercrime body. Find the right links in the reporting directory. Open the reporting directory.
Watch for 'recovery' offers afterwards: anyone promising to get your money back for an upfront fee is running a second scam.
Related scam messages you can check
- PayPal invoice email Suspicious
- PayPal invoice scam Likely scam
- deepfake CEO wire transfer message Likely scam
Related platforms
Report in your country
Related red flags
Emergency guides
Related terms
Sources checked
- FBI IC3 - Senior US officials impersonated in malicious messaging campaign (2025)
- FTC Consumer Advice - Imposter scams
Frequently asked questions
How do I verify a CEO/vendor payment request?
Confirm via a known internal channel and your normal approval process. Never wire funds on an urgent, secret email request alone.
Last reviewed: 2026-06-05
This is general safety information, not legal, financial, or cybersecurity incident-response advice. We can't detect every scam or guarantee recovery - always verify through official channels.