Rising Threat of Business Email Compromise Attacks in 2026

Rising Threat of Business Email Compromise Attacks in 2026

First seen 27 May 2026, 17:09 UTC Searchsecurity.Techtargetwww.npr.orgFeeds.Feedburnerwww.forbes.comwww.reuters.com+2 90% similarity 69.5

Article Content

Browse articles
ThreatCluster

Business Email Compromise (BEC) attacks are increasingly sophisticated, targeting organizations through tailored social engineering tactics. Recent data indicates that BECs account for 11% of email attacks, with an average incident costing $123,005. Attackers conduct extensive research to impersonate trusted individuals within organizations, exploiting internal trust dynamics. Internal impersonation BECs constitute 39% of all BEC incidents, with employee impersonation being the most common tactic. Notable historical examples include Meta and Google losing a combined $121 million due to BEC scams. The trend shows that smaller organizations are more susceptible to VIP impersonation, while larger enterprises face different impersonation tactics. Organizations are urged to enhance security awareness training to address these evolving threats.

Key Points: • BEC attacks exploit human psychology, leading to significant financial losses. • Internal impersonation accounts for 39% of BEC incidents, with employee impersonation being prevalent. • Smaller organizations are more vulnerable to VIP impersonation tactics compared to larger enterprises.

ThreatCluster AI

Timeline

2013-01-01
Meta and Google BEC attack
Cybercriminals impersonated a legitimate supplier, resulting in $121 million lost. Both companies recovered most funds.
Searchsecurity.Techtarget
2015-01-01
Ubiquiti Networks BEC attack
Attackers impersonated employees, leading to $46.7 million transferred in fraudulent payments.
Searchsecurity.Techtarget
2016-01-01
Fischer Advanced Composite BEC attack
Attackers impersonated the CEO, resulting in a €42 million loss, with most funds unrecovered.
Searchsecurity.Techtarget
2017-01-01
Save the Children BEC attack
Cybercriminals compromised an employee's email, causing a $1 million loss, with 90% recovered through insurance.
Searchsecurity.Techtarget
2026-05-27
2026 Attack Landscape Report released
Data from nearly 800,000 attacks reveals the evolving tactics of BECs tailored to specific organizations.
Feeds.Feedburner

Community

Browse all →