Glossary / Fraud & scams
Business Email Compromise (BEC)
Business email compromise (BEC) is a scam in which an attacker hacks or impersonates a company email account to trick staff into transferring money or changing payment details.
How does business email compromise work?
In a BEC attack, the criminal either takes over a genuine mailbox using stolen credentials or spoofs one that looks almost identical. From inside a trusted thread, they send instructions that feel routine: pay this invoice, update these bank details, or release an urgent transfer before end of day. Because the message comes from a real or convincing address, staff rarely question it. A familiar Australian example is a finance officer who receives a reply within an existing email chain from what looks like their managing director, asking them to process a payment to a new account for a “confidential acquisition.” The tone, signature, and history all check out, so the payment goes ahead.
Why it matters for Australian finance teams
BEC is repeatedly flagged by the Australian Signals Directorate and Scamwatch as one of the most financially damaging cybercrimes reported by businesses, with average losses per incident among the highest of any scam type. Accounts payable and finance teams are the primary target because they can move money. The danger is that nothing is technically hacked at the point of payment: a person is deceived into authorising a genuine transfer.
How ezyshield helps
ezyshield removes the reliance on trusting an email instruction. Before a payment is authorised, it verifies the person, the business through ABN and ASIC checks, and ownership of the bank account, so a compromised or spoofed mailbox cannot quietly redirect funds. Any change to payment details forces re-verification instead of blind approval, and every step is recorded in an append-only audit trail that is never edited or deleted. See how it works and payment redirection fraud.
Also known as: BEC, email account compromise
Last updated: 7 July 2026
Related terms
- Payment Redirection Fraud Payment redirection fraud is a scam where criminals trick a business into sending money to a bank account they control, usually by posing as a supplier and changing the payment details on an invoice.
- CEO Fraud CEO fraud is a scam where an attacker impersonates a senior executive, such as the CEO or CFO, to pressure staff into making an urgent payment or changing payment details.
- Email Spoofing Email spoofing is the forging of an email's sender details so a message appears to come from a trusted person or company, and is commonly used to make payment fraud look legitimate.
- Vendor Email Compromise (VEC) Vendor email compromise (VEC) is a scam where an attacker takes over or spoofs a supplier's email account to send fraudulent invoices or bank detail changes to that supplier's customers.
See also: Business email compromise , Payment redirection fraud , Accounts payable fraud prevention
Stop payment fraud before money moves
Verify the person, business, and bank account before any payment leaves your account.