A single fake invoice. That’s all it takes to drain thousands from your business account—and it often slips through without raising an eyebrow. One of the most costly and deceptive threats facing businesses today is Business Email Compromise (BEC), a scam designed to blend in, not stand out.
Disguised as a routine vendor payment or internal request, BEC has cost U.S. businesses billions in recent years. And while large corporations make headlines, small and midsize companies are often the easier—and more frequent—targets.
So, what exactly is BEC? And how can your accounts payable team spot the red flags before it’s too late?
The Scam: How BEC Works
Let’s walk through a scenario:
Your accounts payable specialist gets an email from your long-standing vendor, “Billings & Co.” It looks legitimate—same email signature, same tone, even referencing last month’s invoice.
But this time, the message says they’ve changed banks. They provide new account details and ask for the next payment—say $12,450—to be sent to the updated account ASAP to avoid late fees.
Everything checks out at first glance… until weeks later, Billings & Co. calls asking where their payment is.
You’ve just fallen victim to BEC.
In reality, a cybercriminal had spoofed your vendor’s email address—or worse, gained access to it—and inserted themselves right into the conversation. The “updated” account? It never belonged to Billings & Co. at all.
What Makes BEC So Dangerous?
- No malware or suspicious links – It’s not your typical phishing attack.
- It often looks like a real conversation – Because sometimes it is—just hijacked.
- High dollar amounts – These scams aren’t about stealing passwords; they’re about wiring real money.
How to Protect Your Business
1. Always verify payment changes offline.
If a vendor says they’ve changed their banking info, pick up the phone and call them using a number you already have on file. Never reply directly to the email.
Example: Your AP team receives a bank change request. They call the vendor’s known phone number and confirm that no changes were made. Payment is paused, and the fraud attempt is flagged.
2. Implement dual controls for outgoing payments.
Require a second person to review and approve wire transfers or invoice changes.
Example: An employee initiates a payment. A manager reviews the payment details—and notices a different account number from previous invoices. The transfer is halted, and the fraud is avoided.
3. Educate your team—especially finance.
BEC thrives on familiarity. Train your staff to be suspicious of unexpected requests, even when they seem routine.
Example: Use internal phishing simulations or include “What Would You Do?” scenarios in team meetings to keep awareness high.
4. Set up email authentication and filters.
Make it harder for cybercriminals to spoof your domain or sneak emails past filters. Talk to your IT provider about SPF, DKIM, and DMARC protocols.
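As an added illustration (not part of the original article), here is a sketch of how a mail filter could combine the DMARC result with the other warning signs in the scenario above to hold a message for call-back verification. The vendor domain, the gateway name, the sample message and the flag names are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

KNOWN_VENDOR_DOMAINS = {"billingsandco.example"}  # assumption: domains on file
BANK_CHANGE = re.compile(r"changed banks|new (bank|account) details|updated account", re.I)

# Constructed sample: the bank-change email from the scenario, spoofed sender.
SAMPLE = "\n".join([
    'From: "Billings & Co." <accounts@billingsandco.example>',
    "Reply-To: accounts@billings-payments.example",
    "Authentication-Results: mx.yourco.example; spf=fail; dkim=none; dmarc=fail",
    "Subject: Re: last month's invoice",
    "",
    "We have changed banks. Please send the $12,450 payment to the updated account.",
])

def domain(header_value):
    """Lowercased domain of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(raw):
    """Reasons to hold a message for call-back verification (empty list = none)."""
    msg = message_from_string(raw)
    flags = []
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-differs-from-sender")
    if from_dom not in KNOWN_VENDOR_DOMAINS and any(
            edit_distance(from_dom, d) <= 2 for d in KNOWN_VENDOR_DOMAINS):
        flags.append("lookalike-vendor-domain")
    # Only trust Authentication-Results stamped by your own mail gateway.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    if re.search(r"\bdmarc=(fail|none)\b", auth, re.I):
        flags.append("dmarc-not-passed")
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    if BANK_CHANGE.search(body):
        flags.append("bank-change-request")
    return flags
```

A message sent from a vendor mailbox the criminal has actually taken over passes SPF, DKIM and DMARC, so only the bank-change flag fires. That is why the phone call in step 1 still matters even with email authentication in place.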
Final Thought
BEC scams don’t just hurt your finances—they can erode trust, cause reputational damage, and shake confidence across your organization. But with awareness, processes, and the proper protections in place, your business can outsmart invoice imposters.
Have questions about securing your business transactions? Let’s talk—your financial peace of mind is our priority.