Business Email Compromise (BEC)
A sophisticated scam where attackers impersonate executives or business partners via email to trick employees into transferring funds or sharing sensitive data.
Business Email Compromise (BEC) is one of the most financially damaging cybercrimes globally. Attackers either hack into or spoof a business email account — typically belonging to a CEO, CFO, or trusted supplier — and send fraudulent payment instructions to employees. Unlike mass phishing, BEC is highly targeted and relies on social engineering rather than malware.
Malaysian Impact
Malaysian businesses have reported losses exceeding RM 700,000 from single BEC incidents. Common tactics include fake invoice scams (where suppliers' payment details are changed to the attacker's account) and CEO fraud (where fake urgent payment instructions are sent to finance staff). Always verify payment changes via a phone call to a known number.