Module 4 · Business Email Compromise (BEC) — Four Variants and the Defender Stack

Manish Garg, Associate of (ISC)² · RingSafe
May 14, 2026

Why this module exists. Business Email Compromise — the wire-fraud scheme where attackers impersonate executives or vendors and instruct money movement — is the single most financially damaging cybercrime against Indian enterprises. The IC3 records BEC losses worldwide at ~$50B over the last decade. Indian losses are under-reported but follow the same patterns. This module is the pattern catalogue and the defender controls that actually stop the fraud.

BEC does not need malware, credential theft, or AiTM phishing. It only needs to convince one finance person to send money to the wrong account. The defence is mostly process, not technology. This module is the practitioner pattern.

The four BEC variants

| Variant | Attacker pose | Target |
|---|---|---|
| CEO fraud | CEO/CFO | Finance team member |
| Vendor invoice fraud | Compromised vendor | Accounts payable |
| Payroll diversion | Employee | HR / Payroll |
| Attorney impersonation | External counsel | Finance / legal team |