What should an employee do if they suspect a BEC attack?

Stop. Do not process the payment or respond. Contact your IT or security team immediately. Verify the request by calling the apparent sender using a number from your existing records — never a number provided in the suspicious email. Document everything and forward the suspicious email to your security team. If a transfer has already been made, contact your bank immediately.

BEC Fraud in Honduras — The Email Attack Draining Millions from Honduran Businesses

How Business Email Compromise works, why Honduran exporters and financial institutions are prime targets, and the controls that stop wire transfer fraud

Business Email Compromise (BEC) — also known as CEO fraud or wire transfer fraud — is consistently the highest-loss cyberattack category globally according to the FBI’s Internet Crime Complaint Center, generating billions of dollars in losses annually. In Honduras, BEC fraud has become one of the most financially damaging threats facing the business community, particularly affecting export-oriented companies, financial institutions and organizations that process high-value transactions with international partners.

Unlike ransomware, which encrypts systems and demands payment to restore them, BEC attacks are social engineering operations that manipulate employees into voluntarily transferring money to attacker-controlled accounts. The technical sophistication is often minimal — what makes BEC so effective is the careful research attackers conduct on their targets and the psychological manipulation they apply to create urgency and bypass normal verification processes.

How BEC Fraud Works — The Attack Playbook

BEC attacks follow a consistent methodology that exploits trust, authority and urgency:

Phase 1 — Target Research

Attackers begin by thoroughly researching the target organization using publicly available information: company websites, LinkedIn profiles, social media, business registries and press releases. They identify the executives with payment authority (CEO, CFO), the employees who process payments (accounts payable, finance managers), and the regular vendors and international partners the company works with. Honduran maquilas and exporters are particularly vulnerable because their international client and supplier relationships are often publicly visible through trade publications, partner websites and industry directories.

Phase 2 — Email Account Compromise or Spoofing

Attackers either compromise an actual email account (usually through phishing) or create a convincing lookalike domain. A real company using gladiium.com might be impersonated by gladiium-hn.com, gladlium.com or g1adiium.com — small differences that are easy to miss in a busy inbox.

Phase 3 — The Fraudulent Request

The attacker sends a carefully crafted message that typically: comes from a trusted source (CEO, CFO, or known vendor), creates urgency or confidentiality pressure, requests a payment or bank account change, and provides a plausible business reason. Common scenarios include: executive requesting urgent wire transfer for a confidential acquisition, vendor notifying a bank account change for future payments, or international client requesting payment to a new account.

Phase 4 — The Transfer

If the employee complies without verification, funds are wired to an attacker-controlled account — often in a different country — and rapidly moved or converted before the fraud is detected. Recovery is extremely rare once the transfer clears.

Why Honduran Businesses Are Prime BEC Targets

Several characteristics of the Honduran business environment make local companies particularly attractive BEC targets:

Export Maquilas and Manufacturing

Maquilas and export manufacturers in the Valle de Sula process regular high-value international payments to suppliers, logistics providers and international buyers. The payment volumes are large, the transaction patterns are predictable, and many companies have international banking relationships that can be impersonated. An attacker who compromises or spoofs a regular international supplier’s email address can redirect a single payment of $100,000 to $500,000 with a well-crafted vendor bank account change notification.

Financial Institutions

Banks, cooperatives and financial companies in Honduras process high-volume interbank transfers and international remittances. Internal BEC attacks targeting authorized signatories at financial institutions have resulted in multi-million dollar losses in the Central American region.

Import and Distribution Companies

Companies that import goods and regularly pay international suppliers are targeted with vendor impersonation attacks. An attacker who intercepts or monitors supplier communications can time a fraudulent bank account change notification to coincide with a legitimate invoice, making the request appear completely normal.

The Language Gap

Many Honduran companies conduct international business in English. BEC attackers are fluent in crafting convincing English-language business communications, and Honduran employees may be less confident questioning the authenticity of formal English communications from apparent executive sources.

How to Detect and Prevent BEC Fraud in Your Honduran Organization

BEC prevention requires a combination of technical controls and organizational procedures:

Technical Controls

Multi-Factor Authentication (MFA) on all email accounts — The most effective single control. Even if an attacker has a valid password, MFA prevents email account takeover, eliminating the most dangerous form of BEC.
Email authentication (DMARC, DKIM, SPF) — Properly configured email authentication prevents attackers from spoofing your organization’s domain in emails to your partners. It also helps you detect when someone is spoofing a partner’s domain to reach your employees.
Anti-phishing email filtering — Advanced email security that analyzes sender reputation, detects lookalike domains and flags suspicious payment-related language.
SIEM monitoring for anomalous login patterns — Detects when email accounts are accessed from unusual locations or at unusual hours, indicating potential compromise.

Procedural Controls

Mandatory callback verification for payment changes — Any request to change a vendor’s bank account must be verified by phone using a number from your existing records — never a number provided in the suspicious email.
Dual authorization for wire transfers above a threshold — No single employee should be able to authorize a large wire transfer. Requiring two authorized signatories eliminates the single point of failure that BEC exploits.
Security awareness training with BEC simulations — Regular training that teaches employees to recognize BEC red flags and simulated BEC attempts that test real-world detection rates.

Frequently Asked Questions — BEC Fraud in Honduras

What is the difference between BEC and phishing?

Phishing typically involves mass emails sent to large numbers of recipients with the goal of stealing credentials or installing malware. BEC is highly targeted — attackers research specific individuals and organizations and craft personalized communications designed to trigger a specific financial action. BEC attacks often look nothing like traditional phishing because they contain no malicious links or attachments — they are purely social engineering.

Can BEC losses be recovered once the transfer has been made?

Recovery is rare but not impossible. If discovered within hours of the transfer, the FBI’s Internet Crime Complaint Center (IC3) Recovery Asset Team (RAT) and cooperation between financial institutions can sometimes freeze funds before they are moved. In Honduras, reporting to the Agencia de Investigacion Criminal (ATIC) immediately is essential. GLADiiUM’s incident response team can assist with the technical forensics and coordination required to maximize recovery chances.

How does GLADiiUM help Honduran companies prevent BEC?

GLADiiUM’s BEC prevention program includes: MFA deployment on all corporate email accounts, DMARC/DKIM/SPF email authentication configuration, email security gateway deployment and tuning, SIEM monitoring for anomalous email account access patterns, BEC-specific security awareness training and simulations, and incident response planning for when a BEC attempt is detected. Our local team in San Pedro Sula and Tegucigalpa can train finance and accounts payable teams on-site.

What should an employee do if they suspect they are being targeted by BEC?

Stop. Do not process the payment or respond to the request. Contact your IT or security team immediately. Verify the request by calling the apparent sender using a phone number from your existing records — not any number provided in the suspicious email. Document everything: forward the suspicious email to your security team and preserve all related communications. If a transfer has already been made, contact your bank immediately to attempt a recall and report to ATIC.

Is Your Honduran Business Protected Against BEC Fraud?

GLADiiUM's team in San Pedro Sula and Tegucigalpa can deploy MFA, configure email authentication and train your finance team against BEC — the most financially damaging attack targeting Honduran businesses.

You might be interested…