# Business Email Compromise **MITRE ATTACK layer: Impact** Business Email Compromise is financial fraud in which an attacker impersonates a real person, usually an executive or finance staff, and convinces someone to send money or sensitive data voluntarily. It’s the abuse of organizational trust systems that just happen to run over email. ## How is Business Email Compromise abused Attackers use spoofed or compromised email accounts to trick the victims. No links, no malware. Modern BEC often involves long-term mailbox access, where attackers watch conversations, learn tone, then strike with perfect context. ## Why Business Email Compromise matters BEC matters because it turns everyday business behavior into an attack surface. Losses happen inside approved processes, so alerts don’t fire and recovery is rare. This makes BEC uniquely dangerous: it bypasses technical defenses and fails quietly until money is gone. ## Real-world example ### Caesars Entertainment The incident started with social engineering of IT support to reset credentials. With identity access, attackers exfiltrated sensitive customer and loyalty data, then pivoted to financial extortion, threatening public release. Caesars reportedly paid $15 million to avoid data disclosure, faced regulatory scrutiny, reputational damage, and follow-on lawsuits. [Source](https://www.cybersecuritydive.com/news/caesars-social-engineering-breach/695995/) ## Related topics ### Phishing [Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/phishing.html) ### Whale Phishing [Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/whale-phishing.html) ### Insider Threat [Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/insider-threat.html) ## Additional Resources ### Achieve 442% ROI and reduce patching time by 95% — Forrester TEI Report See how organizations gained 442% ROI and major efficiency improvements with Endpoint Central. [Read more](https://www.manageengine.com/products/desktop-central/forrester-total-economic-impact-uems.html?utm_source=ec-attackglossary) ### Experience enterprise-grade protection proven in real-world tests — AV-Comparatives Report Discover how Endpoint Central’s antivirus earned recognition through rigorous, real-world security validation in just eight months. [Read more](https://www.manageengine.com/products/desktop-central/malware-protection-av-comparatives-dec2025.html?utm_source=ec-attack_glossary) ### Simplify endpoint security and build cyber resilience — Endpoint Security For Dummies Get a clear, practical guide to understanding threats and strengthening your organization’s security. [Read more](https://www.manageengine.com/products/desktop-central/endpoint-security-for-dummies.html?utm_source=ec_attack-glossary)