CT · NY · NJ · Stamford HQ

Business email compromise (BEC) is fraud that abuses trusted email relationships—often without malware. Attackers impersonate executives, vendors, or employees to redirect payments or steal sensitive data.

Typical patterns

  • Vendor bank detail “update” requests
  • CEO/CFO urgent wire instructions
  • Compromised real mailbox used to continue a thread
  • Payroll diversion for new hires or direct deposit changes

Controls that reduce BEC

  • Out-of-band verification for any payment destination change (phone call to a known number)
  • MFA on all mailboxes; monitor for forwarding rules
  • Dual control for wires above a threshold
  • Staff training focused on finance workflows—not generic “don’t click links” only

Want this applied to your environment?

Book a free 15-minute review. For a structured baseline, ImpetraInsights™ delivers multi-framework scoring and an executive-ready report.