BEC – business email compromise

Business email compromise (BEC) is a type of corporate financial scam that specifically targets organizations conducting business abroad. This scam relies upon the attacker’s ability to successfully impersonate communications from a company stakeholder that would be tasked with instructing other high-level employees in conducting business transactions and using wire transfers to pay manufacturers and suppliers. Spoofing or compromising these specific corporate employee email accounts can result in fraudulent transfers.

Often in BEC security scenarios, the attacker will impersonate the high level employee and provide instructions for employees to share information or conduct transfers with a fictitious supplier. In other reported crimes, the attacker creates fake documents and invoices to impersonate the foreign manufacturer or supplier.

It has also been noted that attackers may initiate the BEC scam by targeting employees in HR to obtain personally identifiable information (PII) of stakeholders and other key employees to be used in future attacks.

Note: Business email compromise (BEC) is also called business email spoofing (BES)

The Five Common Types of BEC Attacks

According to security firm Trend Mico there are five types of BEC attacks to be aware of:

  1. Bogus Invoice: Attackers pretend to be the suppliers requesting fund transfers for payments to an account owned by fraudsters.
  2. CEO Fraud: Attackers pose as the CEO or any executive and send an email to employees in finance, requesting them to transfer money to the account they control.
  3. Account Compromise: A high-level employee’s email account is hacked and used to request invoice payments to vendors listed in their email contacts. Payments are sent to fraudulent accounts.
  4. Attorney Impersonation: Attackers pretend to be a lawyer or from the law firm supposedly in charge of crucial and confidential matters.
  5. Data Theft: Employees under HR or bookkeeping are targeted to obtain personally identifiable information (PII) of employees and executives to be used for future attacks. (Source)

While business email compromise attacks use email and other forms of technology and digital communications to be successful, the scam does not use technical security exploits, making it difficult for organizations to detect. Most security firms recommend employee education and additional security awareness training to identify and avoid BEC scams.

Operation WireWire

In June 2017, an FBI operation managed to bring down an international criminal organization whose main activity was business email compromise (BEC). The operation, known as WireWire, led to 74 arrests in seven countries, and the retrieval of 16.2 million dollars. (Source: Panda Security)

Previous articleCoding Boot Camp
Next articleCyber Security Boot Camp
Vangie Beal
Vangie Beal
Vangie Beal is a freelance business and technology writer covering Internet technologies and online business since the late '90s.

Top Articles

Huge List Of Texting and Online Chat Abbreviations

From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top...

How To Create A Desktop Shortcut To A Website

This Webopedia guide will show you how to create a desktop shortcut to a website using Firefox, Chrome or Internet Explorer (IE). Creating a desktop...

The History Of Windows Operating Systems

Microsoft Windows is a family of operating systems. We look at the history of Microsoft's Windows operating systems (Windows OS) from 1985 to present...

Hotmail [Outlook] Email Accounts

  By Vangie Beal Hotmail is one of the first public webmail services that can be accessed from any web browser. Prior to Hotmail and its...

Unregulated Power Supply Definition...

An unregulated power supply is a system that transforms input voltage into direct...

Cybersecurity Awareness Training Definition...

Cybersecurity awareness training informs employees of the attack surfaces and vectors in their...

OST File Definition &...

An OST file, or offline storage table (.ost) file, is an Offline Outlook...