EncryptedTechnology: Texas Cyber Command (TXCC) FY 2026-27 Certification Pending Learn more →

Threat AwarenessNovember 3, 2025· 4 min read

Business Email Compromise: The $2.9 Billion Threat Hiding in Your Inbox

BEC is the most financially damaging form of cybercrime on record — and it requires no malware. Just a convincing email and an employee who does not know the warning signs.

By EncryptedTechnology Security Team

The FBI's Internet Crime Complaint Center (IC3) reported $2.9 billion in BEC losses in 2023 — more than any other category of cybercrime. Unlike ransomware, which requires technical sophistication and a delivery mechanism, BEC requires only a convincing email address, a well-written message, and an employee who has not been trained to recognize the warning signs.

The most common BEC scenario is deceptively simple: an attacker impersonates an executive — a CEO, CFO, or department head — and sends an urgent request to someone with financial authority. The request typically involves a wire transfer, change of payment account, or purchase of gift cards. The urgency is engineered to short-circuit normal verification procedures. The email looks legitimate. The losses are immediate and often unrecoverable.

The Four Warning Signs Every Employee Must Know

The Texas Cyber Command (TXCC) FY 2026-27 training requirements specifically mandate BEC awareness training, and for good reason. BEC attacks have become more sophisticated and more targeted — but they consistently exhibit four recognizable patterns that a trained employee can spot.

1. Forced Urgency

BEC emails almost always create artificial time pressure. "This needs to happen in the next 30 minutes." "The CEO is in a meeting and cannot be reached by phone — handle this now." "If we miss this wire, we lose the contract." Urgency is the mechanism that bypasses normal verification procedures. Any financial request that emphasizes speed over process should be treated as a red flag.

2. Unnatural Text and Phrasing

Even with AI-assisted writing, BEC emails often contain subtle language inconsistencies — slightly formal phrasing, word choices that do not match how the impersonated executive normally writes, or oddly structured sentences. Employees who communicate regularly with an executive often have an intuitive sense of their communication style. That intuition should be trusted and acted upon.

3. Repetitive Writing Patterns

BEC emails frequently repeat the same core request multiple times within a short message — often because the attacker is trying to overcome the recipient's hesitation through repetition rather than logic. Phrases like "as I mentioned" or "again, this is urgent" in a message that has not previously made that point are structural tells.

4. Unverifiable Details

Legitimate financial requests come with verifiable details — vendor names, invoice numbers, account information that matches existing records. BEC requests often involve new accounts, new vendors, or vague references to situations that cannot be independently confirmed. When details cannot be verified through existing records, that is not a process inconvenience — it is a warning sign that demands a phone call.

Verification Procedures That Stop BEC Cold

The single most effective defense against BEC is a mandatory verification procedure for all financial transactions above a defined threshold. This means calling the requester back on a known, previously established phone number — not responding to the email or calling a number provided in the suspicious message — to verbally confirm the request before acting.

This procedure seems simple, but it requires training to implement consistently. Employees who have not been explicitly taught this protocol may feel awkward or overly cautious calling back a C-suite executive to confirm a request. Effective training removes that hesitation by making verification a standard cultural expectation rather than an accusation of distrust.

Ready to strengthen your team's security awareness? Contact EncryptedTechnology to learn about our training programs.

BEC awareness training

Train your team to recognize the four warning signs

Our BEC awareness module is built to the Texas Cyber Command (TXCC) FY 2026-27 required criteria and is built for any organization facing this threat.