Business Email Compromise 101

BEC Remains A Persistent Threat For One Big Reason
– It’s Still Really Effective

According to the FBI’s Internet Crime Complaint Center (IC3), losses from BEC surpassed $1.8 billion in 2020 – an average of $93,000 per incident.

BEC is challenging to prevent, especially when vendors are compromised, but SpyCloud believes prevention begins with addressing the human attack surface, particularly the prevalence of poor password hygiene. When passwords are reused between employees’ or vendors’ work and personal accounts, credentials that have already been exposed in a data breach are fair game for use in BEC campaigns.

This report examines the very human problem of password reuse and the social engineering tactics used by criminals to dupe organizations. As this report explains, all it takes to steal from your business is a single compromised account.


Account Takeover Prevention
Detect and automatically reset exposed credentials before criminals can exploit them to bypass MFA and take over accounts.
Download the PDF version of the whitepaper to print or share with others.

The SpyCloud Difference

Truly Actionable Recaptured Data

SpyCloud solutions are backed by the world’s most current and comprehensive repository of recaptured data from breaches, malware infections, and other underground sources – with billions of exposed credentials and PII. It’s the same data that fraudsters use, but we make it actionable to prevent account takeover, ransomware attacks, and online fraud.


Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.