Fake vendor or boss email requests that redirect legitimate payments
seedsecurity
OJK APU-PPT material describes BEC/EAC as sophisticated fraud targeting businesses and individuals making legitimate fund transfers, often through spoofed email, spearphishing, or compromised accounts.