Business email compromise attempts soared last year, with nearly three-quarters of organizations reporting incidents, a new survey found.
According to the Association for Financial Professionals (AFP) 2026 Payments Fraud and Control Survey Report, 74% of organizations experienced BEC last year, up from 63% in 2024. And it said there’s a simple reason why.
“Fraud via email continues to be prevalent because email remains the main communication tool at organizations, making it a prime target for cybercriminals,” AFP wrote in the report released April 14.
Spoofed emails—which appear to come from a trusted source—topped the list of BEC types, with 85% of organizations receiving them in 2025. But that’s not the only way fraudsters attempt BEC. “More than half of respondents indicate that their companies received emails from domains that looked almost identical to legitimate ones, with only minor differences in a letter or two,” AFP reported.
In other findings, AFP said check fraud remains the No. 1 type of payment fraud, reported by 58% of organizations. While that figure is down slightly from a year earlier, the report noted a troubling finding: “Despite being the payment method most vulnerable to payments fraud, check usage at businesses is widespread: 87% of organizations report using checks in 2025.”
More Info