According to the 2025 AFP Payments Fraud and Control Survey Report, 63% of organizations were impacted by business email compromise (BEC) in 2024—making it the most common type of payments fraud reported in that year. This statistic underscores the increasingly sophisticated tactics cybercriminals use to exploit busy workplaces, pressure-filled payment environments and the trust that keeps business operations moving.
What is Business Email Compromise?
BEC is a targeted scam in which fraudsters impersonate a trusted individual—such as a company executive, employee, vendor, client or bank employee—to manipulate a business into sending funds or sharing sensitive information. Unlike broad phishing attempts, BEC is highly strategic. Fraudsters study their targets, understand approval workflows and craft messages that appear authentic.
According to the AFP report, the most common forms of BEC fraud in 2024 were:
Account takeover (ATO) schemes have become increasingly common. In fact, the FBI Internet Crime Complaint Center received more than 5,100 complaints reporting ATO fraud in 2025, with losses exceeding $262 million. These scams involve fraudsters impersonating bank employees—by email or phone—claiming they’ve detected fraud and need login credentials to reverse any “fraudulent” transactions.
This tactic aims to capture online banking access in order to initiate unauthorized payments. If you or your employees receive a request like this, never share your credentials and contact your bank directly through a known, trusted phone number.
How does BEC lead to financial loss?
BEC schemes focus on payment channels that move money quickly and are difficult to reverse. In 2024, the AFP report found that the most common payment methods used in successful BEC scams were wire transfers, ACH credits and checks.
With tight operational schedules and high transaction volumes, even a single moment of distraction can lead to significant financial loss.
Why is BEC so prevalent?
BEC remains a widespread phenomenon because it exploits human behavior rather than technological vulnerabilities. Cybercriminals understand that employees want to be helpful, responsive and efficient—and they craft their schemes to intentionally take advantage of those tendencies.
Other contributing factors include:
As long as email remains central to business communication, BEC will remain a persistent threat.
How can you protect your business?
The most effective defense against BEC is a layered approach that combines strong internal controls with ongoing education. Here are a few ways you can help prevent BEC from impacting your organization:
How can Busey help?
Our Treasury Management team partners with businesses to strengthen their defenses against BEC and other evolving fraud threats. While each company’s needs are unique, we offer a suite of tools and strategies designed to reduce risk across payment channels, including but not limited to:
At Busey Bank, we’re committed to helping your business navigate this new era of fraud. Together, we can protect what you’ve built, strengthen your defenses and give you peace of mind. Our Treasury Management team brings a wealth of expertise and experience to the table, offering tailored solutions designed to enhance your organization's security. To learn more about how Busey can help you safeguard your business, visit busey.com/treasurymanagement.
Your security is a top priority—and staying informed and cautious helps preserve your financial wellbeing. If you believe you’ve been the victim of fraud or a scam on a Busey account, contact our Customer Care team, reach out to your Relationship Manager, visit your local Banking Center to place a fraud alert on your account or follow these steps outlined by the FBI Internet Crime Complaint Center. For more information, you can also read our Fraud Prevention FAQs, check out our Fraud Prevention Toolkit or view this new resource on the latest and most common trends in payments fraud.