Business email compromise scams involve taking over or impersonating a trusted user’s email account to target companies that conduct international wire transfers with the goal of diverting payments to an attacker-controlled account. These attacks are almost entirely based on phishing and social engineering, and are thus attractive to cybercriminals due to their relative simplicity. In most cases, BEC scams involve little to no technical knowledge, malware or special tools.