BEC Global Insights Report: October 2025

Fortra Intelligence & Research Experts identified key trends and patterns in global Business Email Compromise (BEC) activities for October 2025, highlighting the evolving nature of these threats. 
 
The month of October saw an increase of 1% in BEC attack volume compared to September 2025, with attackers continuing to refine their tactics. Credential phishing emerged as a dominant cash-out method, representing 43.8% of all methods used by scammers.  
 
Fortra Intelligence & Research Experts also observed a notable decrease in credential phishing scams, with only 2,034 instances reported in October, representing an 11% reduction compared to September 2025. Furthermore, the average amount requested in wire transfer attacks decreased by 5%, from $50,970 in September 2025 to $48,252 in October.

Key findings include:

• BEC attack volume increased by 1% in October 2025 compared to September 2025. 
• Credential phishing was the most common cash-out method in October, representing 43.8% of all methods. 
• Fortra Intelligence & Research Experts identified 18 cryptocurrency-related scams and recorded 12 unique wallets used by scammers in October. 
• In October, a total of 2,034 credential phishing scams were reported, representing an 11% decrease compared to September 2025. 
• The average amount requested in wire transfer attacks was $48,252 in October, a 5% decrease from $50,970 in September 2025. 
• Specialty banks were the most common institution used for payroll diversion scams, comprising 26.0% of all cases in October 2025. 
• 70% of BEC attacks were sent from free webmail providers in October 2025. 
• The United States was identified as the primary location for BEC threat actors in October, with 38% of attacks originating from this region.

During the month of October 2025, FIRE observed an increase of 1% in overall attack volume in comparison to the prior month.  

Credential phishing was the most common cash out method (43.8%), followed by gift cards (9.8%), vishing (9.7%), advanced fee frauds (7.9%), wire transfers (2.3%), payroll diversions (1.5%), and cryptocurrency (0.4%). Twenty-five percent of the attacks in October 2025 requested various other types of payments.

Wire transfer BEC attacks increased by 32% in October (see Figure 2). 

The average amount requested from BEC wire transfer attackers was $48,252 in October compared to $50,970 in September 2025, a decrease of 5%. During the month of October, 4% of wire transfer BEC attacks requested less than $10,000, while 82% of wire transfer BEC attacks requested between $10,000 and $50,000. For the other 14% of wire transfer BEC attacks, 12% requested between $50,000 and $100,000 and 2% requested more than $100,000. 

During the month of October 2025, specialty banks proved to be the most common institutions of choice for wire transfer scammers, comprising 57.0% of the total. This type of bank was followed by major US banks (19.0%), regional US banks (15.0%), international (non-US) banks (8.0%), credit unions (6.0%), and online banks (2.0%).