Source: www.csoonline.com
Attackers use business email compromise to pretend to be company executives, vendors, or other trusted parties and trick employees into sending them money. AI makes these attacks more effective — but also puts new tools in the hands of defenders.
As much as AI has been used to defend networks and to take the drudgery out of some taxing jobs, it is also being employed extensively by attackers, who use it to collect the specific details that go into business email compromise (BEC) attempts. As AI gets better at deep research, impersonation scams are becoming harder to identify and stop.
What is business email compromise (BEC)?
Business email compromise refers to targeted, email-based cyberattacks that seek to trick victims into exposing company information or system access, handing over money, or performing other acts that harm the business. Attackers do this by impersonating a company executive, vendor, or other trusted party.
The attackers carry out these impersonations by setting up fake but legitimate-seeming email addresses, social media profiles, or accounts on collaboration apps such as Slack, Teams, or Zoom. They can also spoof a real email address if the owning domain has not deployed email authentication, or take over an actual email account via compromised credentials, malware, or other methods.
“We’re seeing more concern from CISOs about this,” says Gartner analyst Max Taggett. “A lot of organizations are seeing it firsthand. They see how much is getting through their email filters, and the tools that they currently use aren’t cutting it.”
The role of AI in business email compromise
Unlike traditional spam or phishing emails, which are designed to be as generic as possible, BEC fraud is highly targeted. Attackers must do a great deal of research about their targets to craft their messages and time their attacks for when their victim would be most susceptible, such as right after a big deal closes and they’re expecting the payment request to arrive.
Attackers use social media platforms, corporate websites, industry publications, and even the websites of a company’s clients or vendors to get insights on personnel, corporate dynamics, and major events.
“What we see with BEC is that it’s a long game,” says Forrester analyst Jess Burn.
This kind of research takes time and requires decent English language skills since the targets are commonly in English-speaking countries. As AI gets better at deep research, this information-gathering stage gets easier and faster.
The next step is impersonation, which can involve creating look-alike email accounts or domains, setting up social media accounts, or exploiting legitimate internal accounts. Attackers use automation to find and test relevant compromised credentials or to create new accounts.
Finally, there is the fraudulent request itself, and this is the step where the latest generation of AI really shines. A message that asks for a large amount of money will draw increased scrutiny from the recipient, so it has to read as natural, fluent, and consistent with everything the recipient already expects.
The days of easily spotting a scam by its poor grammar or broken English are quickly coming to an end. According to KnowBe4’s March phishing report, 83% of phishing emails sent in the six months between September 2024 and February 2025 used AI, up 54% compared to the previous year. KnowBe4 analyzed data from 13.2 million users at 31,000 organizations.
“The old advice banks used to give is that if you receive a phishing email, look out for bad grammar, look out for bad language,” says Dan Holmes, director of fraud, identity and market strategy at Feedzai, an AI-native fraud prevention platform. “The joke was that in the Netherlands, you never got phished because nobody could write Dutch. That’s no longer valid.”
According to Feedzai’s May AI fraud trends report, 60% of financial industry professionals say they are seeing criminals use generative AI for voice cloning, 59% for phishing emails and text messages, 56% for social engineering, and 44% for deepfakes.
“One of the big challenges in the voice cloning space is that you can take a ten-second audio of someone’s voice and a bad actor can duplicate that voice,” says Holmes. “CEO scams are a great example — a call comes in, says, ‘I need you to do this now, like go buy me a bunch of gift cards because I want to reward a bunch of colleagues.’ Or ‘I want to send a million dollars to that account now, let’s set that process up.’ Or ‘I’ve been kidnapped. I’m in trouble, send X dollars to this account’.”
Video takes that to another level, he says. “That’s going to enhance the probability of that CEO scam even further. Banks have seen this in the wild and see this as a big risk.”
The scams can also be more than a single message: a long chain of communications, sometimes spread over multiple platforms, designed to build trust so that the eventual payoff is bigger.
In the past, this kind of work was extremely labor-intensive and only worth the effort for the most valuable targets, but that is no longer the case. According to research released in late 2024 by Harvard Kennedy School and the Avant Research Group, fully AI-automated phishing emails achieved a 54% click-through rate, against 12% for traditional phishing emails, matching the 54% achieved by emails written by human experts. The researchers conclude that attackers can target more individuals at lower cost and increase profitability by up to 50 times.
A scary business email compromise (BEC) example
Last year we learned that an employee of Arup, a UK engineering firm, wired $25 million to fraudsters after attending a Zoom meeting with the CFO and several other colleagues who were known to the employee. Unfortunately, everyone else on the video call was an AI-generated deep fake. “The realistic visuals and audio, combined with the presence of multiple seemingly familiar senior figures discussing the transaction, ultimately convinced the employee of the request’s legitimacy,” Adaptive Security stated in a report.
That incident was a major wake-up call, but attacks like it are not yet common, because real-time deepfake video is difficult to produce and the call itself is hard to orchestrate.
“Audio is actually a lot more common and easier to pull off,” says Forrester’s Burn. It only takes a few seconds of audio to clone someone’s voice, and attackers can then use it in a phone call, or to leave a voice mail message, she says.
BEC attacks are often, though not always, marked by a sense of urgency, a request to go outside normal payment channels, or a change to where a payment is supposed to go. In some cases the attackers request gift cards or cryptocurrency, but this is rare.
According to the Verizon DBIR, that is because employees are more suspicious when asked to make business payments in crypto than through standard channels such as wire transfers. Verizon’s report, released in May, put the median amount sent to BEC attackers at $50,000, with 88% of the payments made by wire transfer.
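The indicators just listed (urgency, a request to bypass normal payment channels, a change in payment destination, gift cards or crypto), together with the look-alike domains described in the impersonation step earlier, lend themselves to a simple triage check before a payment is released. The code below is an added example written for this page, not code from CSO Online or from any vendor named in the article. It scores a raw email against those indicators plus two header checks (a Reply-To that diverts replies, and an executive's display name arriving from an untrusted domain). The trusted-domain list, the executive name, the keyword patterns and the three sample messages are all constructed for illustration, and the two-indicator threshold is an arbitrary choice.

```python
"""Score an inbound message for the BEC indicators the article lists.

Added example for this page, not code from CSO Online or any vendor named in it.
Trusted domains, executive names and the sample messages are constructed.
"""
import re
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com", "acme-supplies.example"}  # constructed allow-list
EXECUTIVES = {"dana chen"}  # constructed: display names attackers like to borrow

URGENCY = re.compile(
    r"\b(?:urgent(?:ly)?|immediately|asap|right away|today|before (?:eod|end of day))\b", re.I)
PAYMENT_CHANGE = re.compile(
    r"\b(?:new (?:bank|account) details|updated? (?:our |the )?(?:bank|banking|account|wire) "
    r"(?:details|information|instructions)|gift cards?|crypto(?:currency)?|bitcoin)\b", re.I)
OFF_CHANNEL = re.compile(
    r"\b(?:do ?n[o']t (?:call|phone)|keep (?:this |it )?confidential|"
    r"(?:my|this) personal (?:email|phone|number)|reply to this email only)\b", re.I)


def normalize_domain(domain):
    """Collapse look-alike substitutions: rn->m, vv->w, 0->o, 1->l, 3->e, 5->s."""
    return (domain.lower().replace("rn", "m").replace("vv", "w")
            .translate(str.maketrans("0135", "oles")))


def lookalike_of(domain):
    """Return the trusted domain this sender imitates, or None if trusted or unrelated.

    Normalisation catches homoglyph swaps; the similarity ratio catches one-letter typos.
    """
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if SequenceMatcher(None, normalize_domain(domain), normalize_domain(trusted)).ratio() >= 0.9:
            return trusted
    return None


def score_message(raw):
    """Collect indicators; two or more means hold the payment and verify out of band."""
    msg = message_from_string(raw, policy=policy.default)
    display, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = reply_addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')} {body.get_content() if body else ''}"

    indicators = []
    imitated = lookalike_of(from_domain)
    if imitated:
        indicators.append(f"sender domain {from_domain} looks like trusted {imitated}")
    if display.lower() in EXECUTIVES and from_domain not in TRUSTED_DOMAINS:
        indicators.append(f"executive name '{display}' sent from untrusted {from_domain}")
    if reply_domain and reply_domain != from_domain:
        indicators.append(f"Reply-To diverts replies to {reply_domain}")
    if URGENCY.search(text):
        indicators.append("urgency language")
    if PAYMENT_CHANGE.search(text):
        indicators.append("payment destination change or gift card/crypto request")
    if OFF_CHANNEL.search(text):
        indicators.append("request to avoid normal channels or verification")
    verdict = "hold for out-of-band verification" if len(indicators) >= 2 else "pass"
    return {"score": len(indicators), "indicators": indicators, "verdict": verdict}


# Constructed sample messages, not real traffic.
SAMPLE_LEGIT = """\
From: "Acme Supplies Billing" <billing@acme-supplies.example>
To: ap@example.com
Subject: Invoice 4471 attached

Invoice 4471 for the March order is attached. Terms are net 30 as usual.
"""
SAMPLE_VENDOR_FRAUD = """\
From: "Acme Supplies Billing" <billing@acrne-supplies.example>
Reply-To: acme.billing.dept@mail.example.net
To: ap@example.com
Subject: Invoice 4471 - URGENT: updated bank details

We have updated our bank details; please pay invoice 4471 to the new account
today. Do not call the office, the team is travelling; reply to this email only.
"""
SAMPLE_CEO_GIFT_CARDS = """\
From: "Dana Chen" <dana.chen.ceo@gmail.example>
To: assistant@example.com
Subject: quick favour

Buy gift cards for the team right away and keep this confidential; text me on
my personal number when done and I will reimburse you.
"""

if __name__ == "__main__":
    for name, raw in [("legit", SAMPLE_LEGIT), ("vendor fraud", SAMPLE_VENDOR_FRAUD),
                      ("ceo gift cards", SAMPLE_CEO_GIFT_CARDS)]:
        result = score_message(raw)
        print(f"{name}: {result['verdict']} ({result['score']} indicators) {result['indicators']}")
```

This is a triage aid for an accounts-payable or finance team, not a substitute for an ICES product: it catches the blatant cases and, more usefully, turns a vague feeling that something is off into concrete reasons to pick up the phone and verify through a number already on file.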
BEC is also referred to as an email account compromise or targeted business email compromise. A BEC that involves a senior executive is also known as CEO fraud or executive impersonation. If the attack’s target is also a senior executive, it can be called whaling. BEC that involves a vendor is also known as vendor impersonation, invoice fraud or payment diversion.
BEC attacks often overlap with other types of attacks. They can start with a standard phishing email, or a targeted spear phishing attack. They could also involve credential theft and social engineering.
Spear phishing is a highly targeted phishing attack that could be the first point of compromise to a full-blown BEC incident.
Other types of BEC include attorney impersonation and payroll diversion. Attackers could also pretend to be IT support personnel.
Technical mitigation strategies
The first line of defense relies on automated tools that stop emails and other malicious communications before they reach the intended recipients.
Global email service providers and communication platforms are all working to reduce the volume of fraudulent and spammy email. Not only is it a security threat, but transmitting it is an unnecessary expense: the more of it that is stopped at the source, the better for everybody.
And carriers and providers are getting better at identifying it. Google, for example, says it blocks nearly 15 billion unwanted emails a day, stopping over 99.9% of spam, phishing, and malware attempts.
Some of these efforts are bearing fruit. According to Zscaler’s 2025 ThreatLabz phishing report, released in April, phishing is down 20% globally, though the attacks are also getting more targeted, aiming directly at HR, finance and payroll teams.
Attackers know that AI is now used to analyze their emails and attachments. Zscaler found a group that came up with a clever workaround, a form of prompt injection: adding text to the top of malicious files instructing the LLM not to analyze the file because it “simply performs prime number generation.”
At the enterprise level, companies use secure email gateways (SEGs) and integrated cloud email security (ICES) solutions, says Gartner’s Taggett. A SEG steps in before the email reaches the inbox. The most popular product is Microsoft Defender for Office 365, but enterprises also use tools from Proofpoint and Mimecast, he says. SEGs typically use a combination of filters and machine learning.
SEG tools also check the authenticity of emails by comparing sender addresses against company directories and known contacts, and by using protocols such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC). Together these let a domain owner declare which servers may send mail for the domain, cryptographically sign outgoing messages, and tell receiving servers what to do with mail that fails those checks.
Unfortunately, not everyone supports these protocols or uses them to their fullest extent. According to Red Sift, only 5% of domains have the strictest DMARC policy enabled (p=reject, which tells receivers to block spoofed mail outright). Large public companies are ahead of the curve, with 51% globally having this level of protection; in the United States the figure is 79%, with India a close second at 74.4%, followed by Australia at 73.5% and the Netherlands at 73.3%.
Still, that leaves many companies vulnerable. According to Taggett, full DMARC implementation can be complex for large organizations and can create false positives and disrupt business processes. “This is probably one of the most important projects that can be undertaken first,” he says. And not all email vendors are fully on board. “CISOs should make that part of their RFPs.”
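The discussion above turns on what the strictest level of DMARC means in practice, and on the ways a nominally deployed record falls short of it. The following is an added example written for this page, not code from CSO Online, Red Sift, Gartner or any vendor named here. It parses a DMARC TXT record of the kind a domain owner publishes at _dmarc.<domain> (the tag=value syntax defined in RFC 7489) and reports whether the record would actually block spoofed mail, flagging the usual weakenings: p=none (monitoring only), a pct below 100, a weaker sp= for subdomains, and no rua= reporting address. The sample records and the example.com addresses are constructed, not real lookups.

```python
"""Assess how much protection a published DMARC record actually gives.

Added example for this page, not code from CSO Online, Red Sift, Gartner or
any vendor named here. It parses the TXT record a domain owner publishes at
_dmarc.<domain> (RFC 7489 tag=value syntax) and reports whether spoofed mail
would really be blocked. The records below are constructed, not real lookups.
"""
from __future__ import annotations

from dataclasses import dataclass, field

_RANK = {"none": 0, "quarantine": 1, "reject": 2}  # weakest to strongest policy


@dataclass
class DmarcAssessment:
    policy: str | None            # p= tag, applied to the organisational domain
    subdomain_policy: str | None  # sp= tag, or p= when sp= is absent (RFC 7489 default)
    pct: int                      # share of failing mail the policy is applied to
    reporting: bool               # rua= present, so the owner sees who is spoofing
    level: str                    # missing | monitor | partial | enforced
    findings: list[str] = field(default_factory=list)


def parse_dmarc(record: str) -> dict[str, str]:
    """Split 'v=DMARC1; p=reject; rua=...' into a dict keyed by lower-cased tag."""
    tags: dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> DmarcAssessment:
    """Classify the record and list the ways its protection is weakened."""
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return DmarcAssessment(None, None, 0, False, "missing",
                               ["not a DMARC1 record; receivers treat the domain as unprotected"])
    policy = tags.get("p", "").lower()
    if policy not in _RANK:
        return DmarcAssessment(None, None, 0, False, "missing",
                               ["required p= tag is absent or invalid"])
    findings: list[str] = []
    sp = tags.get("sp", policy).lower()
    if sp not in _RANK:
        findings.append(f"sp={sp} is invalid; receivers fall back to p={policy}")
        sp = policy
    try:
        pct = max(0, min(int(tags.get("pct", "100")), 100))
    except ValueError:
        pct = 100
        findings.append("pct= is not an integer; receivers treat it as 100")
    reporting = "rua" in tags

    if not reporting:
        findings.append("no rua= address: nobody learns who is spoofing the domain")
    if _RANK[sp] < _RANK[policy]:
        findings.append(f"sp={sp} is weaker than p={policy}: subdomains can still be spoofed")
    if policy != "none" and pct < 100:
        findings.append(f"pct={pct}: only {pct}% of failing mail gets the policy applied")

    if policy == "none":
        level = "monitor"    # visibility only; spoofed mail is still delivered
    elif policy == "reject" and pct == 100 and sp == "reject":
        level = "enforced"   # the strictest level the article refers to
    else:
        level = "partial"
    return DmarcAssessment(policy, sp, pct, reporting, level, findings)


# Constructed sample records spanning the range the article describes.
SAMPLE_RECORDS = {
    "monitor-only": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "half-enforced": "v=DMARC1; p=quarantine; pct=50; rua=mailto:dmarc@example.com",
    "weak-subdomains": "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc@example.com",
    "enforced": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; ruf=mailto:forensic@example.com",
    "wrong-record": "v=spf1 include:_spf.example.com -all",  # SPF published where DMARC was expected
}

if __name__ == "__main__":
    for name, record in SAMPLE_RECORDS.items():
        a = assess_dmarc(record)
        print(f"{name:16} {a.level:9} p={a.policy} sp={a.subdomain_policy} pct={a.pct}")
        for finding in a.findings:
            print(f"{'':16} - {finding}")
```

Feeding the output of a real `dig TXT _dmarc.<domain>` lookup into `assess_dmarc` is the practical use; the point of the findings list is that a domain can show p=reject in a dashboard while pct=50 or sp=none leaves most of the attack surface open, which is the gap between “has DMARC” and the 5% Red Sift counts as fully protected.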
ICES steps in after an email has arrived in the inbox, uses newer AI models to examine the tone and content of messages, and can be a good second layer of defense. Vendors include Abnormal, Egress, Darktrace, Ironscales, and Perception Point, which was recently acquired by Fortinet.
Of course, protecting emails alone is no longer enough. “The trend has been to include collaboration apps in your security suite,” says Taggett.
Having authentication systems in place is a good first step. Is the person on the corporate Slack channel or Zoom call really who they say they are? “You need to clearly define what the approved channels are and secure them in some form,” says Taggett. And that means not using some platforms at all, he adds. “Signal, where I can’t have corporate visibility, won’t help me maintain visibility of the business process.”
Ensure processes exist and people are trained
Having the right technology in place is a critical part to thwarting BEC attacks, but it’s not enough. “There needs to be the right balance of tech and process,” says Forrester’s Burn. “You want technology with a high amount of efficacy to make sure these messages never even get in front of the users,” she says. “And if some do get in front of the end user, you hopefully have processes and training in place so that they ask questions and find someone else to run it past.”
If an organization’s email account is compromised and attackers are reading the back-and-forth about an upcoming payment, it is easy for them to jump in at the last minute with fraudulent payment instructions. If the sender looks completely legitimate and the contents of the email are exactly as expected, this is very difficult to catch automatically.
Or the compromised account could be inside the employee’s own company. For example, if a message comes in from the IT help desk asking an employee to use their credentials to log in to some system, the employee should double-check before clicking, Burn says. “And you should be rewarded for doing that.”
And then there is the fact that DMARC only establishes that a message really came from the domain it claims, not that the message is benign: an email can pass DMARC authentication and still be malicious. For example, Gmail will always pass DMARC, according to Burn.
Too often, anti-phishing testing creates a punitive culture. “Then nobody thinks they can do anything right and that creates a feeling of apathy.” And the training shouldn’t be limited to email, Burn adds. “Look at Teams and Slack. People assume that these are closed communication channels, but they’re often not. And, globally, a lot of business is done over applications that are not under security or IT’s authority or protection.”
AI can help on this end, as well, she says. If an employee gets a suspicious message and they contact IT, some companies are already using generative AI to close the loop. The AI can take a close look at the content of the message and its context. “That takes a lot of time for security analysts,” Burn says. But the AI can do the screening quickly. “And then it can say, ‘Good job, that looks suspicious, thank you for your efforts.’ Or it can say, ‘Thank you for being diligent, but we don’t believe it is malicious’.”
Top ten ICES vendors
According to Expert Insights, the following vendors offer the best integrated cloud email security solutions:
1. Abnormal
2. Ironscales
3. Check Point’s Harmony Email & Collaboration (formerly Avanan)
4. Darktrace Email
5. KnowBe4’s Egress Protect
6. Inky
7. Mimecast Integrated Cloud Email Security
8. PhishTitan
9. Proofpoint Adaptive Email Solutions (formerly Tessian)
10. Trustifi
Original Post url: https://www.csoonline.com/article/3995364/ai-superpowers-bec-attacks.html
Category & Tags: Email Security, Generative AI, Phishing