Business Email Compromise (BEC)
What is Business Email Compromise (BEC)?
Business Email Compromise (BEC) is a cyberattack where threat actors gain unauthorized access to a business email account, typically by employing social engineering or phishingWhat is Phishing?Phishing is a type of cyberattack in which attackers send fraudulent communications, or direct people to counterfeit websites in order to trick those individuals into revealing sensitive information,… More techniques. Once attackers have gained access to an account, they use it to trick employees, customers, or partners into making financial transactions or revealing sensitive information.
How does Business Email Compromise Work?
While there are several different types of BEC attacks, they all typically progress along the following stages:
- Initial Compromise – The attacker gains access to a legitimate business email account, often through phishing emails or other social engineering methods. They may send an email containing a malicious link or attachment, tricking the recipient into providing login credentials or installing malwareWhat is Malware?Malware, a portmanteau of “malicious software,” constitutes a broad category of software specifically designed to infiltrate, damage, or disrupt computer systems, networks, and devices without the user’s consent… More.
- Email Account Takeover – Once the attacker has access to the email account, they study the content of previous emails to understand the communication patterns, contacts, and ongoing business transactions. They may also set up email forwarding rules to ensure they receive copies of incoming and outgoing emails.
- Impersonation – With access to the email account, the attacker can impersonate the account owner or other trusted individuals within the organization. They can send emails to other employees, clients, or vendors, often pretending to be a high-ranking executive or someone with authority to request financial transactions.
- Social Engineering – The attacker leverages social engineering techniques to manipulate the recipient into taking specific actions, such as initiating wire transfers, changing account information, or disclosing sensitive information. They may create a sense of urgency or use other psychological tactics to increase the likelihood of compliance.
- Financial Fraud –The goal of a BEC attack is usually financial gain. Once the attacker has gained the recipient’s trust, they may request fraudulent wire transfers, invoice payments, or changes to banking information. Since the emails appear to come from a legitimate source within the organization, recipients are less likely to question the validity of the requests.
- Covering Tracks – To avoid detection, attackers may delete sent and received emails related to the scam, modify email headers to hide their true origin, or use anonymizing techniques to obfuscate their identity.
Types of Business Email Compromise
There are six main types of BEC attacks:
- False invoice schemes – BEC attackers impersonate a trusted vendor and email the target employee with a fake invoice attachment. Attackers often intercept and modify genuine vendor invoices to direct payments into their bank accounts.
- CEO fraud – Attackers masquerade as a CEO or executive asking an employee to send money somewhere, typically under the guise of closing a deal, settling an overdue invoice, or purchasing gift cards for other employees.
- Email account compromise – Scammers take over a regular employee’s email account to send false invoices to other companies, trick employees into sharing confidential information, or phish the credentials of executive accounts to use for CEO fraud.
- Attorney impersonation – Attackers impersonate lawyers and ask victims to pay invoices or share sensitive information.
- Data theft – Scammers target HR and finance employee accounts to steal Personally Identifiable Information (PII) and sensitive data.
- Commodity theft – Attackers impersonate corporate customers, using fake financial information to negotiate a large purchase on credit, for which they never pay.
The Future of Business Email Compromise
The FBI has already observed attackers expanding their tactics to take advantage of remote and hybrid working: scammers gain access to an executive’s email account, use it to arrange a virtual meeting with employees, display a static image of the executive, or use deepfake audio to claim technical difficulties, before instructing staff to transfer funds to a fake bank account. This evolution will only continue as new trends and technologies arise.
For more essential cybersecurity definitions, check out our other blogs below: