Business Email Compromise (BEC) is a cyberattack where threat actors gain unauthorized access to a business email account, typically by employing social engineering or phishing techniques. Once attackers have gained access to an account, they use it to trick employees, customers, or partners into making financial transactions or revealing sensitive information.
While there are several different types of BEC attacks, they all typically progress along the following stages:
There are six main types of BEC attacks:
The FBI has already observed attackers expanding their tactics to take advantage of remote and hybrid working: scammers gain access to an executive’s email account, use it to arrange a virtual meeting with employees, display a static image of the executive, or use deepfake audio to claim technical difficulties, before instructing staff to transfer funds to a fake bank account. This evolution will only continue as new trends and technologies arise.