Fortra’s December 2025 BEC Global Insights Report shows a dip in attack volume, continued dominance of gift card fraud, and evolving use of cryptocurrency and wire transfers.
Business email compromise (BEC) activity declined modestly in December 2025, but attackers continue to refine their monetisation strategies, according to Fortra’s latest BEC Global Insights Report. Findings from active defence engagements conducted by Fortra Intelligence & Research Experts (FIRE) show a 13% decrease in overall BEC attack volume compared to November, indicating a short-term slowdown rather than a structural shift in threat behaviour.
Despite the drop in volume, gift cards remained the preferred cash-out method for cybercriminals, accounting for 52.8% of all BEC attacks during the month. Apple Store gift cards dominated requests, making up 50% of all gift card scams, followed by Amazon at 18.8% and DoorDash at 9.4%. Advanced fee frauds represented 21.3% of attacks, while wire transfer fraud accounted for 17.3%.
Wire transfer attacks declined by 15% month-on-month, with the average requested amount falling slightly to $51,291. Most wire transfer requests—82%—were between $10,000 and $50,000, while only 3% exceeded $100,000. Specialty banks continued to be the most commonly used mule accounts, followed by regional and major US banks.
Cryptocurrency-related BEC scams were less frequent but notable. FIRE identified 11 crypto-based scams involving nine unique Bitcoin wallets, with requested amounts ranging widely and averaging more than 2,600 BTC. This highlights the continued experimentation by threat actors with alternative payment rails.
Infrastructure analysis revealed that 66% of BEC attacks were sent from free webmail providers, while 34% originated from maliciously registered domains. Google-hosted services were the most commonly abused among registered domains, underscoring the ongoing challenge of distinguishing legitimate from malicious email traffic at scale.
Geographically, the United States remained the primary source of BEC attacks, accounting for 44%, followed by Nigeria at 26%. Fortra notes that while volumes fluctuate, the consistency of tactics such as gift card fraud and social engineering reinforces the need for stronger email security, employee awareness, and verification processes across organisations.