PlumBot: Bot: Creating new article from JSON

2026-03-10T04:42:40Z

Bot: Creating new article from JSON

New page

📧 '''Business email compromise (BEC)''' is a form of [[Definition:Social engineering | social engineering]] fraud in which an attacker impersonates a trusted party — a CEO, vendor, or business partner — through manipulated or spoofed email to trick an employee into transferring funds, diverting payments, or disclosing sensitive information. Within the [[Definition:Cyber insurance | cyber insurance]] market, BEC ranks among the most frequent and costly causes of [[Definition:Claim | claims]], often exceeding [[Definition:Ransomware | ransomware]] in aggregate [[Definition:Loss | loss]] dollars because the attacks are simple to execute and notoriously difficult to detect before money has left the victim's account.

⚙️ A typical BEC attack begins with reconnaissance: the threat actor studies an organization's email patterns, identifies key personnel, and either compromises a legitimate email account through [[Definition:Phishing | phishing]] or registers a look-alike domain. The attacker then sends an urgent, convincing message — often referencing a real transaction in progress — directing the recipient to wire funds to a fraudulent account. Because the fraud relies on human behavior rather than malware, traditional [[Definition:Cybersecurity | cybersecurity]] tools may not flag it. [[Definition:Cyber insurance | Cyber policies]] typically cover BEC under [[Definition:Social engineering coverage | social engineering]] or [[Definition:Funds transfer fraud | funds transfer fraud]] endorsements, though coverage limits, sub-limits, and verification-procedure requirements vary significantly among [[Definition:Insurance carrier | carriers]]. Some [[Definition:Crime insurance | crime insurance]] and [[Definition:Fidelity bond | fidelity]] products also respond to BEC losses, creating potential overlaps that require careful policy coordination.

🔍 For [[Definition:Underwriter | underwriters]], BEC exposure is a key variable in [[Definition:Cyber risk | cyber risk]] assessment. During the [[Definition:Application | application]] and [[Definition:Underwriting | underwriting]] process, carriers routinely ask about multi-factor authentication on email accounts, dual-authorization procedures for wire transfers, and employee training programs — controls that materially reduce BEC frequency. The FBI's Internet Crime Complaint Center has reported BEC losses in the billions of dollars annually, and that trajectory keeps the peril at the center of [[Definition:Pricing | pricing]] and [[Definition:Loss ratio (L/R) | loss ratio]] discussions across the cyber insurance market. As attackers refine tactics using generative [[Definition:Artificial intelligence (AI) | AI]] to craft more convincing messages, the interplay between BEC prevention and insurance coverage will only intensify.

'''Related concepts'''
{{Div col|colwidth=20em}}
* [[Definition:Cyber insurance]]
* [[Definition:Social engineering coverage]]
* [[Definition:Funds transfer fraud]]
* [[Definition:Phishing]]
* [[Definition:Crime insurance]]
* [[Definition:Ransomware]]
{{Div col end}}

Definition:Business email compromise (BEC) - Revision history

PlumBot: Bot: Creating new article from JSON