Payment redirection fraud (also called Business Email Compromise or invoice fraud) is one of the most common and costly cybercrimes targeting businesses. Here's what the data shows.
According to security research, organisations with fewer than 1,000 employees have a 70% weekly probability of experiencing at least one BEC attack attempt. This means most SMBs face multiple attack attempts every month.
In 2023, BEC attacks skyrocketed with monthly attacks per 1,000 mailboxes more than doubling to 10.77 attacks per 1,000 mailboxesāa 108% increase compared to 2022. Attack rates peaked in October 2023 at 14.57 attacks per 1,000 mailboxes.
BEC attacks increased by 15% in 2025 compared to 2024
Security services intercept over 3,000 BEC messages per month on average
Research shows a 30% increase in BEC attacks as of March 2025
By mid-2024, an estimated 40% of BEC phishing emails were AI-generated
93% of UK companies were targeted by fraud in the past year (2024-2025)
79% of companies reported attempted or actual payments fraud in 2024
57% of small business owners have experienced fraud at some point
22% of small businesses have specifically experienced BEC scams
41% of UK SMBs have been a victim of fraud
According to the UK Government's Economic Crime Survey 2024:
11% of all businesses experienced fake invoice fraud in the past 12 months
Among businesses that experienced any fraud, 74% had more than one incident
The average number of fraud incidents per affected business was 16 incidents
Data compiled from FBI IC3, ACCC Scamwatch, UK Finance, UK Government Economic Crime Survey, Abnormal AI, Hoxhunt, Trustpair, and Visa research.
