May 21, 2026 · 3 min read

What Is Business Email Compromise (And How to Protect Your Company)

Business email compromise is the most expensive fraud facing small businesses today. Here is how the scam works and the practical steps that stop it.

If you run a small business, the single most expensive fraud you are likely to face is not a hacker breaking into your systems. It is a convincing email. Business email compromise, usually shortened to BEC, costs companies billions of dollars a year, and small businesses are a favorite target because they rarely have the controls that larger firms do.

The good news is that once you understand how it works, BEC is one of the more preventable frauds out there.

How the scam works

In a typical BEC attack, a fraudster either spoofs or gains access to a trusted email account, often a vendor, an executive, or someone in accounting. They then send a request that looks completely routine: an updated invoice, new banking details for an existing supplier, or an urgent payment the boss needs handled quietly.

Because the request comes from a familiar name and matches a payment you were already expecting, it sails through. The money goes to the fraudster's account instead of your real vendor, and by the time anyone notices, it is often gone.

The defining feature of BEC is that nothing looks broken. There is no malware, no obvious phishing link. It exploits trust and routine, not technology.

The most common variations

  • The vendor swap. A long-time supplier emails new banking details. The next invoice, paid as usual, goes to the wrong account.
  • The CEO request. Someone impersonating the owner asks accounting to wire funds urgently, often while the real executive is traveling and hard to reach.
  • The payroll diversion. An email that appears to come from an employee asks to change their direct deposit account.

Practical steps that actually stop BEC

You do not need enterprise security to defend against this. A few habits stop the large majority of attacks.

  • Verify banking changes by phone. If a vendor sends new payment details, call them on a number you already have, not one from the email. This single habit defeats most vendor-swap attacks.
  • Slow down on urgency. Fraudsters manufacture time pressure on purpose. A request that discourages you from double-checking is itself a warning sign.
  • Confirm executive payment requests in person or by a known channel. Never act on a wire request from an email alone.
  • Watch for new payment channels to known vendors. When a vendor you have always paid one way suddenly gets paid a different way, that change is the fingerprint of a BEC attack.

Where monitoring helps

Verification habits are your first line of defense, but they depend on people remembering to follow them every single time. That is where transaction monitoring adds a safety net.

Sherlock watches for the exact signature of a BEC attack: an established vendor suddenly being paid through a new channel, or a first-time large payment to an unfamiliar payee. When that pattern appears, Sherlock flags it so someone can verify before the money is gone, rather than discovering the loss weeks later on a statement.
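The two patterns described above (an established vendor suddenly paid into an account never used for them before, and a first-time large payment to a payee with no history) can be expressed as a simple check over a payment ledger. The following is an added illustration, not Sherlock's code or any part of the original post; the payee names, account ids, amounts and the 10,000 "large payment" threshold are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Payment:
    payee: str     # vendor, employee or other recipient name
    account: str   # destination account identifier (constructed, not real)
    amount: float


def build_known_accounts(history):
    """Map each payee seen in past payments to the set of accounts they were paid into."""
    known = defaultdict(set)
    for p in history:
        known[p.payee].add(p.account)
    return known


def find_bec_signals(history, new_payments, large_threshold=10_000.0):
    """Return (payment, reason) pairs for outgoing payments that match either
    BEC pattern from the post: an established payee paid into an account never
    used for them before, or a first-time large payment to a payee that has
    never been paid at all. Matches are review items for a human, not blocks."""
    known = build_known_accounts(history)
    flags = []
    for p in new_payments:
        if p.payee in known and p.account not in known[p.payee]:
            # Vendor-swap fingerprint: same name, different destination account.
            flags.append((p, "established payee paid via new account"))
        elif p.payee not in known and p.amount >= large_threshold:
            # No history at all for this payee, and the amount is large.
            flags.append((p, "first-time large payment to unfamiliar payee"))
        # A known payee paid into a known account, or a small first payment,
        # is treated as routine and not flagged.
    return flags


# Constructed sample ledger for illustration; names and account ids are invented.
HISTORY = [
    Payment("Acme Supplies", "ACCT-1001", 4_200.00),
    Payment("Acme Supplies", "ACCT-1001", 3_950.00),
    Payment("Acme Supplies", "ACCT-1001", 4_100.00),
    Payment("Northwind Logistics", "ACCT-2002", 12_500.00),
]

NEW_PAYMENTS = [
    Payment("Acme Supplies", "ACCT-1001", 4_300.00),         # routine, same account
    Payment("Acme Supplies", "ACCT-9999", 4_300.00),         # vendor-swap pattern
    Payment("Northwind Logistics", "ACCT-2002", 12_800.00),  # routine
    Payment("Zenith Consulting", "ACCT-7777", 25_000.00),    # new payee, large amount
    Payment("Office Coffee Co", "ACCT-3003", 85.00),         # new payee, small: not flagged
]

if __name__ == "__main__":
    for payment, reason in find_bec_signals(HISTORY, NEW_PAYMENTS):
        print(f"REVIEW: {payment.payee} -> {payment.account} "
              f"{payment.amount:,.2f} ({reason})")
```

Run as-is, the check flags exactly two of the five new payments: the Acme invoice routed to an account Acme has never been paid into, and the large first payment to Zenith Consulting. The threshold and the "any prior payment counts as established" rule are deliberate simplifications; the point is that the flag arrives before the transfer settles, so the phone-verification habit from the previous section can be applied to the one payment that actually needs it.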

Want a second set of eyes on your outgoing payments? See how Sherlock catches the patterns behind business email compromise.

Put a second set of eyes on your books

Sherlock monitors your transactions and flags anything worth a closer look — before it costs you.
