What Is Business Email Compromise (BEC)? UK SME Guide

A practical guide for UK businesses — explaining what this means, why it matters, and what you should do about it.

Overview

43% of UK businesses experienced a cybersecurity breach or attack in the past 12 months, equating to approximately 612,000 businesses (DSIT Cyber Security Breaches Survey 2025). 67% of medium businesses and 74% of large businesses reported breaches in 2025.

What Is Business Email Compromise?

Business Email Compromise (BEC) is a sophisticated type of cybercrime in which attackers impersonate a trusted person — typically a senior executive, supplier, or solicitor — to trick employees into transferring money or handing over sensitive data. Unlike mass phishing campaigns, BEC attacks are highly targeted and often involve weeks of research into the victim organisation before a single email is sent.

UK businesses lost an average of £109,000 per BEC incident, according to industry data. Nearly 30% of BEC incidents lead to a direct funds transfer fraud event, making this one of the most financially damaging cyber threats facing SMEs today.

Common Types of BEC Attack

CEO Fraud

The attacker impersonates the chief executive or another senior leader and sends an urgent email to a finance team member requesting an immediate bank transfer. The message typically claims the payment is confidential, time-sensitive, and should bypass normal approval processes.

Invoice Redirection

Attackers intercept or spoof supplier communications and notify the target that the supplier's bank account details have changed. Payments are redirected to an account controlled by the criminal. This is also known as mandate fraud.

Supplier Impersonation

Criminals register domains that closely resemble a genuine supplier's domain (for example, amvia-invoices.com instead of amvia.co.uk) and send convincing invoices or payment requests. The target has no reason to suspect the email is fraudulent.

Payroll Diversion

Attackers impersonate an employee and request that their payroll direct debit is updated to a new account. The next payroll run sends salary directly to the fraudster.

Why BEC Attacks Are So Effective

BEC attacks succeed because they exploit trust rather than technology. They do not rely on malicious attachments or links that security tools might detect. The emails look legitimate, come from plausible addresses, and are timed to coincide with real business events such as a supplier invoice being due or the CEO being away on travel.

  • Attackers research LinkedIn profiles, Companies House records, and company websites to identify targets
  • Emails are crafted to match the writing style of the person being impersonated
  • Urgency and authority are used to discourage staff from following normal verification procedures
  • Many attacks are carried out over weeks, building credibility before the final request

How to Prevent Business Email Compromise

Technical Controls

Deploying DMARC, DKIM, and SPF email authentication records prevents criminals from spoofing your domain to attack your customers or partners. Microsoft Defender for Office 365 includes anti-impersonation protection that flags emails where the display name matches a known executive but the sending domain does not. AMVIA deploys and manages these controls as part of its managed email security service.
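The two patterns this guide describes, a lookalike domain such as amvia-invoices.com and an executive's display name on an address outside your domain, can be expressed as simple mail-filter rules. The following is an added example, not AMVIA's code or Microsoft Defender's logic; the organisation domain, executive names and sample headers are constructed, and it also flags a mismatched Reply-To header, a third common BEC signal. It deliberately leaves exact-domain spoofing to SPF, DKIM and DMARC, which these rules complement rather than replace.

```python
from email.utils import parseaddr

# Constructed assumptions (not AMVIA's real configuration):
ORG_DOMAIN = "amvia.co.uk"                 # the organisation's own domain
EXECUTIVES = {"jane smith", "tom brown"}   # display names an attacker may borrow

def edit_distance(a, b):
    """Levenshtein distance; catches one-character lookalikes such as amv1a."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
def is_internal(domain):
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)

def is_lookalike(domain):
    """True when the sender's registered label resembles ours but is not ours."""
    if not domain or is_internal(domain):
        return False
    ours, theirs = ORG_DOMAIN.split(".")[0], domain.split(".")[0]
    return ours in theirs or edit_distance(ours, theirs) <= 1

def bec_indicators(headers):
    """Return BEC indicators found in a message's From and Reply-To headers.
    Exact-domain spoofing is left to SPF/DKIM/DMARC; this covers what those
    records cannot: display-name impersonation and lookalike domains."""
    name, addr = parseaddr(headers.get("From", ""))
    sender_domain = domain_of(addr)
    findings = []
    if not is_internal(sender_domain) and name.strip().lower() in EXECUTIVES:
        findings.append("executive display name on external address")
    if is_lookalike(sender_domain):
        findings.append("lookalike domain: " + sender_domain)
    reply_domain = domain_of(parseaddr(headers.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != sender_domain:
        findings.append("Reply-To points to a different domain: " + reply_domain)
    return findings

# Constructed sample headers in the shapes the guide describes
SAMPLES = {
    "ceo_fraud": {"From": "Jane Smith <jane.smith@gmail.com>"},
    "invoice_redirect": {"From": "Accounts <accounts@amvia-invoices.com>"},
    "typo_squat": {"From": "Tom Brown <tom.brown@amv1a.co.uk>", "Reply-To": "tom.brown@outlook.com"},
    "genuine": {"From": "Jane Smith <jane.smith@amvia.co.uk>"},
}
```

Running `bec_indicators` over each entry in `SAMPLES` shows the genuine message producing no findings while each fraud shape produces at least one; in production the executive list and domain would come from the directory, not constants.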

Multi-Step Payment Verification

No payment instruction received by email alone should be acted upon without a secondary verification step. Call the requester on a known telephone number — not a number provided in the suspicious email — to confirm. This single procedural control prevents the majority of BEC attacks that reach the payment stage.

Staff Training and Awareness

Finance, HR, and senior PA staff are the most common BEC targets. Regular training helps staff recognise the hallmarks of BEC — urgency, secrecy, unusual requests, and pressure to bypass normal process. Simulated BEC exercises test whether staff apply verification procedures under realistic pressure.

How AMVIA Helps UK Businesses Prevent BEC

AMVIA deploys Microsoft Defender for Office 365 to detect BEC patterns including lookalike domain spoofing, impersonation of internal executives, and unusual sending behaviour. We configure DMARC policies to protect your domain from being used in outbound fraud. Our managed service includes ongoing monitoring, alerting, and staff awareness support — giving your business layered protection against one of the most costly threats in the UK today.
