Business Email Compromise. How It Actually Happens.

Business Email Compromise (BEC) is responsible for billions in losses every year. Not because attackers are especially clever — but because email is still trusted far more than it deserves to be.

The following examples are real. Public. Documented. Different industries, different countries, same underlying mechanics. If it happened to them, it can happen to you.

Pattern 1. Executive impersonation & gift card fraud

This is the lowest-effort, highest-success BEC pattern. The attacker impersonates a senior executive and relies on authority and urgency to bypass skepticism.

The request is intentionally informal. No attachments. No links. Just a short email: “Are you available?” or “I need a quick favor.” Once the employee replies, the scam escalates.

  • Gift card scams — According to the Better Business Bureau, reports of gift card scams increased by over 50% in a single year. Employees were instructed to buy gift cards and email the codes back; once a code is redeemed the money is gone and practically unrecoverable.
  • Snapchat payroll breach — An attacker impersonated CEO Evan Spiegel and convinced the payroll team to hand over employee payroll data. No money was stolen directly, but the personal and tax information of current and former employees was exposed.

Pattern 2. Vendor & invoice fraud

Vendor Email Compromise (VEC) targets accounts payable and finance teams. Attackers impersonate real vendors, often from a lookalike domain or from a genuine vendor mailbox they have already compromised, usually mid-way through an ongoing project when an invoice is expected, and ask for the vendor's banking details to be changed before the next payment.
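Patterns 1 and 2 above both leave traces in the message headers and body that a mail gateway or a finance-team triage script can check before anyone acts on the request: an executive's display name on an address outside the company domain, a Reply-To that redirects the conversation elsewhere, a sender domain that only resembles a known vendor, and a request to change payment details. The following is an added example written for this page, not code from the organizations or incidents described; the organization domain, the executive names, the vendor domains and the three sample messages are all constructed placeholders.

```python
"""Heuristic BEC indicator checks over raw RFC 822 messages (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed reference data. A real deployment would pull these from the
# directory and the vendor master file, not hard-code them.
ORG_DOMAIN = "example.com"                                    # assumption
EXECUTIVES = {"jane doe", "evan spiegel"}                      # protected display names (assumption)
VENDOR_DOMAINS = {"acme-hardware.example", "quanta.example"}   # assumption

# Coarse normalisation of common visual substitutions in lookalike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
PAYMENT_RE = re.compile(r"\b(bank|wire|iban|swift|routing|account number|remit)\b", re.I)
CHANGE_RE = re.compile(r"\b(new|updated?|chang(e|ed)|switch(ed)?)\b", re.I)


def levenshtein(a, b):
    """Plain edit distance; small enough to inline rather than import."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(domain):
    # "rn" -> "m" and "vv" -> "w" are the classic two-character lookalikes.
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def lookalike_of(domain, known):
    """Return the known domain this one imitates, or None if exact or unrelated."""
    if domain in known:
        return None
    for k in known:
        if normalize(domain) == normalize(k) or levenshtein(domain, k) <= 2:
            return k
    return None


def analyze(raw):
    """Return the set of BEC indicators present in one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    _, reply = parseaddr(msg.get("Reply-To", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = msg.get("Subject", "") + "\n" + body
    flags = set()
    # Pattern 1: executive's name on a sender address outside the organization.
    if name.strip().lower() in EXECUTIVES and from_dom != ORG_DOMAIN:
        flags.add("exec_name_external_sender")
    # Replies would leave the visible sender and go to the attacker's mailbox.
    if reply and domain_of(reply) != from_dom:
        flags.add("reply_to_mismatch")
    # Pattern 2: sender domain imitates a vendor (or the organization itself).
    if lookalike_of(from_dom, VENDOR_DOMAINS | {ORG_DOMAIN}):
        flags.add("lookalike_domain")
    # Pattern 2: the message asks for payment details to be changed.
    if PAYMENT_RE.search(text) and CHANGE_RE.search(text):
        flags.add("payment_detail_change")
    return flags


# Constructed sample messages, one per scenario plus a benign control.
SAMPLES = {
    "exec_probe": """From: Jane Doe <jane.doe.ceo@gmail.example>
Reply-To: Jane Doe <jd.office@mailbox.example>
To: finance@example.com
Subject: Are you available?

Are you at your desk? I need a quick favor.
""",
    "vendor_swap": """From: Accounts <ar@acme-hardvvare.example>
To: ap@example.com
Subject: Updated remittance details

Please note our bank account number has changed for the open invoices.
""",
    "benign": """From: Bob Smith <bob.smith@example.com>
To: finance@example.com
Subject: Lunch

Sandwiches in the kitchen.
""",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:12s} {sorted(analyze(raw)) or 'no indicators'}")
```

None of these checks is proof of fraud on its own; a legitimate vendor does occasionally change banks. The point is that each flag should route the message to an out-of-band verification step (a phone call to a number already on file, never one taken from the email) rather than straight to the payment run.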

Pattern 3. High-profile corporate fraud

Large organizations are not immune. In fact, complex payment workflows with many approvers and many legitimate vendors give a fraudulent request more places to blend in.

  • Facebook & Google — $121M
    Evaldas Rimasauskas impersonated a hardware vendor, sending convincing invoices that resulted in urgent wire transfers.
  • Toyota — $37M
    Attackers posed as a trusted business partner of a subsidiary, sending payment requests that matched real business activity.
  • Scoular Co. — $17.2M
    During an acquisition, a controller followed fraudulent email instructions referencing real deal details.

Pattern 4. Government & education targets

Public institutions often lack multi-layered verification and rely heavily on email for approvals.

Pattern 5. Organized BEC operations

BEC is no longer purely opportunistic. Groups like SilverTerrier targeted over 50,000 organizations across 150 countries, monitoring compromised mailboxes for live payment conversations and inserting themselves at the moment an invoice or transfer was already expected.

Why BEC keeps working

No malware. No exploits. Just trusted processes executed faithfully.

Email remains a single point of failure for finance, procurement, and executive communication.

How we help prevent BEC

We help organizations identify BEC exposure before money is lost. That includes email infrastructure audits, financial workflow reviews, verification controls, and early compromise detection.

If you want to understand how vulnerable your organization is — or how to reduce that risk without disrupting operations — contact us.