BEC – business email compromise

Business email compromise (BEC) is a type of corporate financial scam that specifically targets organizations conducting business abroad. This scam relies upon the attacker’s ability to successfully impersonate communications from a company stakeholder that would be tasked with instructing other high-level employees in conducting business transactions and using wire transfers to pay manufacturers and suppliers. Spoofing or compromising these specific corporate employee email accounts can result in fraudulent transfers.

Often in BEC security scenarios, the attacker will impersonate the high level employee and provide instructions for employees to share information or conduct transfers with a fictitious supplier. In other reported crimes, the attacker creates fake documents and invoices to impersonate the foreign manufacturer or supplier.

It has also been noted that attackers may initiate the BEC scam by targeting employees in HR to obtain personally identifiable information (PII) of stakeholders and other key employees to be used in future attacks.

Note: Business email compromise (BEC) is also called business email spoofing (BES)

The Five Common Types of BEC Attacks

According to security firm Trend Mico there are five types of BEC attacks to be aware of:

  1. Bogus Invoice: Attackers pretend to be the suppliers requesting fund transfers for payments to an account owned by fraudsters.
  2. CEO Fraud: Attackers pose as the CEO or any executive and send an email to employees in finance, requesting them to transfer money to the account they control.
  3. Account Compromise: A high-level employee’s email account is hacked and used to request invoice payments to vendors listed in their email contacts. Payments are sent to fraudulent accounts.
  4. Attorney Impersonation: Attackers pretend to be a lawyer or from the law firm supposedly in charge of crucial and confidential matters.
  5. Data Theft: Employees under HR or bookkeeping are targeted to obtain personally identifiable information (PII) of employees and executives to be used for future attacks. (Source)

While business email compromise attacks use email and other forms of technology and digital communications to be successful, the scam does not use technical security exploits, making it difficult for organizations to detect. Most security firms recommend employee education and additional security awareness training to identify and avoid BEC scams.

Operation WireWire

In June 2017, an FBI operation managed to bring down an international criminal organization whose main activity was business email compromise (BEC). The operation, known as WireWire, led to 74 arrests in seven countries, and the retrieval of 16.2 million dollars. (Source: Panda Security)

Vangie Beal
Vangie Beal
Vangie Beal is a freelance business and technology writer covering Internet technologies and online business since the late '90s.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.

Related Articles

Virtual Private Network (VPN)

A virtual private network (VPN) encrypts a device's Internet access through a secure server. It is most frequently used for remote employees accessing a...

Gantt Chart

A Gantt chart is a type of bar chart that illustrates a project schedule and shows the dependency between tasks and the current schedule...

Input Sanitization

Input sanitization is a cybersecurity measure of checking, cleaning, and filtering data inputs from users, APIs, and web services of any unwanted characters and...

IT Asset Management Software

IT asset management software (ITAM software) is an application for organizing, recording, and tracking all of an organization s hardware and software assets throughout...

ScalaHosting

ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...

HRIS

Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...