BEC is a targeted attack where criminals impersonate executives or vendors via email to trick employees into transferring funds or divulging sensitive information. Average loss: $120,000 per incident.
BEC doesn't require malware — it's pure social engineering. Defenses: out-of-band verification for wire transfers, DMARC/DKIM, training employees to verify requests through phone calls.