Business Email Compromise (BEC)
Also known as: BEC, Email account compromise
Business email compromise (BEC) is a fraud in which attackers gain access to or impersonate a corporate email account to trick employees, customers, or partners into transferring money or data. Stolen email credentials from infostealers are a common enabler.
What is BEC?
BEC attacks abuse trusted business email relationships. After compromising or spoofing an executive or finance account, attackers send convincing requests for wire transfers, invoice changes, or sensitive data. BEC consistently ranks among the costliest categories of cybercrime.
How infostealers enable BEC
Infostealers capture saved email and webmail credentials and session cookies, giving attackers direct, authenticated access to corporate mailboxes — the foothold needed to run a convincing BEC scheme from inside a real account.
VantaPrism surfaces compromised email credentials and sessions from infostealer logs, enabling teams to secure mailboxes before they are weaponised for BEC.
Frequently Asked Questions
How do attackers get into email accounts for BEC?
Related Terms
Compromised credentials are usernames and passwords that have been exposed to unauthorized parties — frequently throu…
Account takeover (ATO) is when an attacker gains unauthorized control of a legitimate user account, typically using s…
Phishing is a social-engineering attack that deceives victims into revealing credentials or running malware, usually…
Cookie theft is the stealing of browser cookies — especially authenticated session cookies — so attackers can imperso…