The Rising Threat of Business Email Compromise

Cybercrime is evolving faster than ever, and Business Email Compromise (BEC) stands out as one of the most insidious threats. Unlike flashy malware attacks, BEC is a subtle, social engineering scam where fraudsters impersonate trusted figures — like CEOs, vendors, or partners — to trick employees into wiring funds, sharing data, or authorizing bogus transactions. The result? Massive financial losses, data breaches, and shattered reputations.

According to the FBI’s Internet Crime Complaint Center (IC3), BEC scams racked up a staggering $2.9 billion in losses in 2023 alone, with an average hit of $137,000 per incident. Fast-forward to 2024, and BEC accounted for 73% of all reported cyber incidents, with losses soaring past $55 billion over the decade. What’s more alarming? A 13% spike in attacks in early 2025, fueled by AI-generated emails — now 40% of BEC phishing attempts — making them eerily polished and undetectable.

In addition, nearly 40% of ransomware attacks begin with a compromised email, exploiting poor habits like credential reuse across personal and work accounts.

Real-World Examples

Children’s Healthcare of Atlanta lost $3.6 million to fake invoices from a spoofed CFO in 2023.

The School District of Philadelphia saw $700,000 diverted in a vendor impersonation scheme in 2024.

Treasure Island (San Francisco), a nonprofit, was fleeced of $625,000 in a month-long BEC ploy.

These aren’t isolated incidents — they highlight how BEC preys on trust and rushed decisions, turning everyday emails into financial nightmares.

Don’t let BEC blindside your organization. Download myNetWatchman’s special report, “The Rising Threat of Business Email Compromise (BEC) Fraud” for in-depth insights, more case studies, and actionable strategies.

Special Report

The mechanics of how email became the digital economy’s most consequential vulnerability, the case studies that should have changed everything, and what a continuous intelligence approach actually looks like — all documented in “The Lying Gatekeeper,” a special report from myNetWatchman.
