February and early March 2026 consolidated a growing trend: Business Email Compromise (BEC) attacks using synthetic voice and video. Finance teams and executives became prime targets for urgent approval fraud, especially in international payment processes and banking data changes.
Why This Scenario Worsened in 2026
Voice and image synthesis tools became more accessible and faster. This reduced attack costs and increased campaign quality, now combining social engineering with real business context collected from social media, previous leaks, and public data.
Most Observed Tactics Between February and March
- False Executive Urgency: transfer requests with short deadlines and crisis language.
- Voice Imitation: short audio clips to confirm identity and pressure approval.
- Parallel Channel: contact via messaging app after initial compromised email.
- Bank Account Change: supplier registration alteration without strong validation.
Controls That Brought Practical Results
1. Dual Validation Outside Original Channel
Any extraordinary financial request must be confirmed via a second independent and previously known channel. Don't use the same channel where the request arrived to validate authenticity.
2. Two-Level Approval for Sensitive Payments
Payments above a defined threshold need two approvers from different areas, with mandatory audit trail and automatic execution blocking without all validation evidence.
3. Anti-BEC Playbook with Monthly Simulations
Organizations running fraud simulations with realistic scenarios reduced approval errors and increased proactive reporting of suspicious attempts.
Immediate Checklist for Your Company
- Review financial approval flows and remove undocumented exceptions.
- Train executive, finance, and procurement areas on deepfake signs and contextual fraud.
- Implement mandatory callback policy for banking data changes.
- Monitor email rules and signs of corporate account compromise.
Conclusion
In 2026, BEC evolved from text-only fraud to multimodal campaigns. Effective response combines process, technology and culture: robust approval controls, out-of-band validation and continuous training of most targeted areas.
