TL;DR: Business email compromise caused $2.8 billion in losses in 2024 and has reached $17.1 billion since 2015, while attack volume rose 54% year over year as generative AI makes fraudulent messages harder to spot, according to Abnormal AI and the FBI IC3 Internet Crime Report. Plain-text, legitimacy-based attacks now expose the limits of email gateways and training alone.
At a glance
What this is: An analysis of why business email compromise remains effective and how AI-generated, plain-text social engineering defeats legacy email controls.
Why it matters: BEC now overlaps human trust, identity signals, and mailbox behaviour, so IAM, PAM, and security teams need controls that look beyond content filtering.
By the numbers:
- Business email compromise caused $2.8 billion in losses in 2024 alone and $17.1 billion since 2015.
- BEC attack volume rose 54% between 2023 and 2024.
👉 Read Abnormal AI's analysis of business email compromise and AI-driven fraud
Context
Business email compromise is a social engineering attack that uses trusted identities, urgent requests, and realistic business context to trick employees into moving money or changing account details. The core problem is not malware delivery but the abuse of human trust inside normal business workflows, which is why traditional email filtering sees the message but not the fraud.
For IAM and security teams, BEC sits at the intersection of human identity, communication trust, and approval processes. The article argues that plain-text messages sent from legitimate domains now evade legacy secure email gateways, so detection must shift toward identity, mailbox behavior, and relationship context rather than content signatures alone.
Key questions
Q: How should security teams reduce business email compromise without relying on employee judgment?
A: Security teams should combine identity signals, mailbox telemetry, and approval workflow controls so BEC is detected before a person has to decide whether the email is real. That means verifying high-risk actions out of band, flagging unusual sender behaviour, and correlating login or mailbox-rule changes with payment or payroll requests.
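The correlation described in the answer above, as an added example that is not code from Abnormal AI or the original article: a small Python routine that keeps a per-mailbox timeline of takeover precursors (a sign-in from a new location, an inbox rule that hides or forwards mail) and flags any payment request sent from that mailbox within a window after one of them. The event records, field names and rule-action labels are constructed for illustration and do not follow any vendor's audit-log schema.

```python
"""Correlate mailbox telemetry with payment requests to surface likely
account-takeover BEC.  Added example, not code from the original article.
Event records and field names below are constructed for illustration and
do not follow any vendor's audit-log schema."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry for one tenant, in arrival order rather than
# time order, as a SIEM might hand it over.
EVENTS = [
    {"ts": "2025-06-02T08:15:00", "user": "cfo@example.com", "type": "signin",
     "country": "GB", "new_location": False},
    {"ts": "2025-06-03T09:05:00", "user": "cfo@example.com", "type": "mail_sent",
     "to": "ap@example.com", "subject": "Urgent wire - new vendor account",
     "payment_request": True},
    {"ts": "2025-06-03T01:42:00", "user": "cfo@example.com", "type": "signin",
     "country": "NG", "new_location": True},
    {"ts": "2025-06-03T01:50:00", "user": "cfo@example.com", "type": "inbox_rule",
     "actions": ["MoveToFolder:RSS Feeds", "MarkAsRead"]},
    {"ts": "2025-06-03T10:00:00", "user": "ceo@example.com", "type": "mail_sent",
     "to": "ap@example.com", "subject": "Q2 budget review", "payment_request": False},
    # A payment-flavoured mail with no precursor: should NOT be flagged.
    {"ts": "2025-06-04T11:00:00", "user": "hr@example.com", "type": "mail_sent",
     "to": "payroll@example.com", "subject": "Please update my direct deposit",
     "payment_request": True},
]

WINDOW = timedelta(hours=48)
# Inbox-rule actions that hide replies from the real mailbox owner or leak
# mail to the attacker (labels are illustrative, not a vendor's enum).
SUSPICIOUS_RULE_ACTIONS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                           "DeleteMessage", "MoveToFolder:RSS Feeds")


def _parse(ts):
    return datetime.fromisoformat(ts)


def precursor_findings(event):
    """Reasons this event counts as a takeover precursor, or [] if none."""
    if event["type"] == "signin" and event.get("new_location"):
        return [f"sign-in from new location {event['country']}"]
    if event["type"] == "inbox_rule":
        bad = [a for a in event["actions"] if a in SUSPICIOUS_RULE_ACTIONS]
        if bad:
            return [f"inbox rule hides or forwards mail ({', '.join(bad)})"]
    return []


def correlate(events, window=WINDOW):
    """Flag payment-request mail sent within `window` after a precursor on the
    same mailbox.  Returns {user: [hit, ...]} for flagged mailboxes only."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)

    flagged = {}
    for user, timeline in by_user.items():
        recent = []  # (timestamp, reason) precursors still inside the window
        for e in timeline:
            now = _parse(e["ts"])
            recent = [(t, r) for t, r in recent if now - t <= window]
            for reason in precursor_findings(e):
                recent.append((now, reason))
            if e["type"] == "mail_sent" and e.get("payment_request") and recent:
                flagged.setdefault(user, []).append({
                    "subject": e["subject"], "to": e["to"],
                    "precursors": [r for _, r in recent]})
    return flagged


if __name__ == "__main__":
    for user, hits in correlate(EVENTS).items():
        for hit in hits:
            print(f"{user} -> {hit['to']}: {hit['subject']!r}; preceded by "
                  + "; ".join(hit["precursors"]))
```

The payroll-change mail from hr@example.com carries the same kind of request but no precursor, so it is left to the workflow gate rather than the detector; the point is that the content is identical in both cases and only the identity telemetry separates them.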
Q: Why do secure email gateways miss modern business email compromise?
A: Secure email gateways were built to spot malicious links, attachments, and known spam patterns. Modern BEC often uses plain text, legitimate domains, and business context, so the email appears clean even when the request is fraudulent. The control gap is in context recognition, not message delivery.
Q: What do organisations get wrong about BEC training programs?
A: They treat training as the primary detection layer instead of a backup control. Training helps people slow down and report suspicious requests, but AI-generated BEC can be personalised enough to defeat visual scrutiny. Organisations need workflow verification and behaviour-based detection to reduce dependence on human judgement.
Q: How can teams decide when to verify a payment request outside email?
A: Teams should verify outside email whenever the request is high value, time pressured, unusual for the sender, or tied to bank details, payroll, or executive authority. The strongest rule is simple: if the request changes money or identity details, it deserves a second channel before execution.
Technical breakdown
Why secure email gateways miss business email compromise
Secure email gateways were built to detect malicious links, attachments, and known phishing infrastructure. BEC often avoids those signals entirely, using plain text, legitimate sender domains, and business-relevant language. That means the email can look technically clean while still being fraudulent. The real attack surface is the decision path inside the organisation: who is trusted, which requests are routine, and what approvals can be rushed under pressure. When the attack uses authentic-looking language and timing, content-based controls lose most of their value.
Practical implication: supplement message scanning with identity, mailbox, and workflow signals that can spot fraud without relying on malicious content.
How behavioural AI and relationship mapping change BEC detection
Behavioural AI looks for deviations from normal communication patterns, such as an executive suddenly pushing a payment request or a vendor conversation shifting in tone, timing, or routing. Relationship mapping adds context by modelling who normally communicates with whom, how often, and in what sequence. Together, these approaches detect inconsistencies that a human reviewer may miss, especially when generative AI makes the message grammar and style appear flawless. This is not about reading more emails. It is about recognising when the request does not fit the organisation’s own communication graph.
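One way to put relationship mapping into code, as an added example that is not code from Abnormal AI or the original article: build a baseline from historical message metadata (who mails whom, under which display name, about what) and score each new message for the mismatches the paragraph describes, including a lookalike sender domain, a known display name arriving from an unfamiliar address, a first-contact pair, and a payment request on a relationship that has never carried one. The history, the candidate messages and the keyword list are constructed for illustration.

```python
"""Score inbound requests against the organisation's own communication graph.
Added example, not code from the original article; HISTORY, CANDIDATES and
PAYMENT_WORDS are constructed for illustration."""
from collections import Counter, defaultdict

# Constructed history: (from_address, display_name, to_address, topic)
HISTORY = [
    ("jane@acme-supplies.com", "Jane Doe", "ap@example.com", "invoice"),
    ("jane@acme-supplies.com", "Jane Doe", "ap@example.com", "invoice"),
    ("jane@acme-supplies.com", "Jane Doe", "ap@example.com", "invoice"),
    ("ceo@example.com", "Pat Lee", "cfo@example.com", "general"),
    ("ceo@example.com", "Pat Lee", "ap@example.com", "general"),
    ("cfo@example.com", "Sam Park", "ap@example.com", "payment"),
]

PAYMENT_WORDS = ("wire", "bank details", "account number", "payroll", "gift card")


def levenshtein(a, b):
    """Edit distance, used to spot lookalike domains (one swapped letter)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class CommunicationGraph:
    def __init__(self, history):
        self.pairs = Counter((f, t) for f, _, t, _ in history)
        self.pair_topics = defaultdict(Counter)   # (from, to) -> topic counts
        self.names = defaultdict(set)             # display name -> addresses
        self.domains = set()
        for f, name, t, topic in history:
            self.pair_topics[(f, t)][topic] += 1
            self.names[name.lower()].add(f)
            self.domains.add(f.split("@")[1])

    def score(self, msg):
        """Return the list of reasons this message is out of pattern."""
        reasons = []
        sender, to = msg["from"].lower(), msg["to"].lower()
        domain = sender.split("@")[1]
        if domain not in self.domains:
            reasons.append(f"sender domain {domain} not in communication graph")
            for known in sorted(self.domains):
                if 0 < levenshtein(domain, known) <= 2:
                    reasons.append(f"domain {domain} is a lookalike of {known}")
        known_addrs = self.names.get(msg["name"].lower(), set())
        if known_addrs and sender not in known_addrs:
            reasons.append(f"display name {msg['name']!r} previously used by "
                           f"{sorted(known_addrs)}")
        if (sender, to) not in self.pairs:
            reasons.append(f"no prior mail from {sender} to {to}")
        text = (msg.get("subject", "") + " " + msg.get("body", "")).lower()
        topics = self.pair_topics.get((sender, to), Counter())
        if any(w in text for w in PAYMENT_WORDS) and topics["payment"] == 0:
            reasons.append("payment request on a relationship with no payment history")
        if msg.get("reply_to") and msg["reply_to"].lower() != sender:
            reasons.append(f"reply-to {msg['reply_to']} differs from sender")
        return reasons


# Constructed candidates: a vendor impersonation with a swapped letter in the
# domain, an out-of-pattern request from the real CEO mailbox, and a routine
# vendor invoice that should score clean.
CANDIDATES = [
    {"from": "jane@acme-suppIies.com", "name": "Jane Doe", "to": "ap@example.com",
     "subject": "Updated bank details for invoice 4471", "body": "Please use the new account."},
    {"from": "ceo@example.com", "name": "Pat Lee", "to": "ap@example.com",
     "subject": "Need you to pick up some gift cards today, keep it between us"},
    {"from": "jane@acme-supplies.com", "name": "Jane Doe", "to": "ap@example.com",
     "subject": "Invoice 4472 for May services", "body": "Attached as usual."},
]

if __name__ == "__main__":
    graph = CommunicationGraph(HISTORY)
    for msg in CANDIDATES:
        print(msg["from"], "->", msg["to"], graph.score(msg) or "in pattern")
```

Note that the second candidate comes from the genuine CEO address with the right display name and still scores, because the graph knows that this pair has never carried a payment topic; that is the case where sender reputation alone says nothing and only the relationship baseline does.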
Practical implication: build detection around communication baselines, approval patterns, and relationship anomalies rather than keywords or sender reputation alone.
Why employee training cannot be the only control
Training still matters, but it is a weak final barrier when an attack is personalised, urgent, and indistinguishable from legitimate correspondence. Human reviewers are slow, inconsistent, and vulnerable to workload pressure. The article’s core point is that adversaries are using AI to make BEC harder to spot precisely where training depends on obvious cues. Once attackers can reproduce tone, formatting, and organisational context, the burden on employees becomes unrealistic. Effective control needs to move upstream, before the email reaches the inbox or the request reaches approval.
Practical implication: treat awareness training as a supporting control, not the detection layer that must stop modern BEC on its own.
Threat narrative
Attacker objective: The attacker wants to obtain money or redirect funds by making a fraudulent request look like an ordinary business communication.
- Entry occurs when the attacker sends a convincing plain-text message from a legitimate-looking or compromised business identity to a target who already handles payments, payroll, or vendor changes.
- Escalation happens when the recipient accepts the request as routine, bypasses normal verification, or follows the attacker into a payment, account-change, or gift-card workflow.
- Impact is realised when funds are redirected, payroll details are altered, or sensitive business trust is exploited before the fraud is detected.
Breaches seen in the wild
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
- Shai Hulud npm malware campaign — npm malware that exposed secrets on GitHub.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Business email compromise is an identity abuse problem before it is an email problem. The decisive failure is not delivery of a malicious payload, but the hijacking of trust relationships inside business workflows. That means the control boundary sits around identity, approval, and context, not just message inspection. Organisations that still treat BEC as a spam variant are defending the wrong layer, and that leaves finance, HR, and executive workflows exposed.
Legacy email security was designed for malicious artifacts, not legitimate-looking fraud. Secure email gateways can filter known bad links and attachments, but they do not reliably evaluate whether a request makes sense in the organisation’s relationship graph. That assumption fails when attackers use plain text, valid domains, and urgent business language. The implication is that email security and identity governance now overlap much more tightly than most programmes acknowledge.
Human trust has become a measurable attack surface, not an unstructured soft spot. Generative AI lowers the cost of persuasion and raises the volume of messages that appear credible enough to pass a manual check. Behavioural detection and relationship mapping matter because they expose mismatches in sender behaviour, timing, and workflow context. Practitioners should treat communication trust as a governed asset, not a cultural afterthought.
Identity context is the concept BEC defenders need to operationalise. In practice, this means the security decision depends on whether a message, request, or mailbox event fits the identity and communication patterns expected for that actor. When that context is absent or inconsistent, the organisation has a governance signal, not just a suspicious email. Teams that can model identity context will detect fraud earlier and reduce dependence on user judgement.
AI-native BEC defence is now a governance requirement, not a tuning preference. The article’s evidence shows that attack volume is rising while the old controls miss the dominant technique. That creates a programme-level gap between how organisations think email risk works and how BEC actually operates. Practitioners should respond by elevating BEC into identity and workflow governance, where approval logic and behavioural baselines can be enforced.
From our research:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
- That same governance gap is explored further in OWASP NHI Top 10, which is useful when identity-driven behaviour starts to cross tool and data boundaries.
What this signals
BEC is now part of the same broader identity-risk problem that includes human trust, machine workflow, and AI-assisted interaction. As adversaries use generative systems to scale believable requests, teams should expect more fraud attempts that look operationally normal but behave anomalously when viewed through identity and approval telemetry.
Communication context debt: organisations that have not modelled who normally approves what will struggle to detect when a request is legitimate on the surface but fraudulent in structure. That gap is strongest in finance, payroll, and vendor-change workflows, where a single trusted message can bypass multiple weak controls.
The practical response is to connect email, IAM, and business workflow controls so suspicious requests can be challenged before money or account ownership changes hands. For programme owners, this is a signal to prioritise cross-domain telemetry and out-of-band verification rather than more user reminders.
For practitioners
- Instrument mailbox and identity signals together: correlate login anomalies, mailbox rule changes, sender behaviour, and approval workflow deviations so BEC detection is not dependent on message content alone.
- Add verification gates for high-risk requests: require out-of-band confirmation for wire transfers, payroll changes, vendor bank updates, and executive payment requests, especially when the communication path is unusual.
- Model normal business communication patterns: map who normally talks to whom, how often, and through which channels so anomalous requests can be flagged before employees act on them.
- Treat awareness training as a supporting control: use training to improve reporting and recognition, but do not rely on staff to detect AI-generated fraud that closely mirrors legitimate business language.
Key takeaways
- Business email compromise succeeds because it attacks trust and workflow context, not just inbox content.
- The scale is substantial, with $2.8 billion in 2024 losses and a 54% annual rise in attack volume.
- Teams should move verification upstream into identity, mailbox, and approval controls before users are asked to judge message authenticity.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST CSF 2.0, NIST SP 800-63 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AA-05 (access permissions, entitlements and authorisations defined, managed, enforced and reviewed) | BEC abuses trusted access and approval paths, not just email delivery. |
| NIST SP 800-63 | SP 800-63B (authentication and authenticator lifecycle) | Trusted identity assertions matter when email impersonation drives decisions. |
| NIST SP 800-207 (Zero Trust Architecture) | Section 2.1, tenets of zero trust | Zero trust requires continuous verification of requests and context, not domain trust. |
Treat each sensitive business request as untrusted until its identity and context are independently verified.
Key terms
- Business Email Compromise: Business email compromise is a social engineering attack that uses trusted-looking email to trick people into moving money or changing account details. The attack succeeds by exploiting business process trust, making identity, approval, and communication context the real control points rather than spam filtering alone.
- Identity Context: Identity context is the surrounding behavioural and organisational information that tells you whether a request fits how an identity normally operates. In BEC defence, it includes sender patterns, workflow history, relationship maps, and timing cues that help distinguish a legitimate request from a fraudulent one.
- Relationship Mapping: Relationship mapping is the practice of modelling who normally communicates with whom, how often, and through which channels. For security teams, it creates a baseline that can reveal when an email request appears socially plausible but structurally out of pattern for the organisation.
- Behavioural Detection: Behavioural detection is an analytics approach that looks for deviations from normal activity rather than known malicious signatures. In email defence, it can identify unusual sender behaviour, mailbox changes, or approval patterns that indicate fraud even when the message content appears authentic.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Abnormal AI: analysis of business email compromise, AI-generated fraud, and email defence gaps. Read the original.
Published by the NHIMG editorial team on 2025-09-03.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org