Business email compromise (BEC): A highly deceptive and destructive scam
Email has become the cornerstone of communication in the business world, which makes it an increasingly appealing channel for cybercriminals. Over the past few years, a form of cyberattack known as business email compromise (BEC) has escalated in frequency and impact, causing significant financial and reputational damage to victim companies.
Business email compromise cost victims more than $2.3 billion in losses in 2023.
Source: FBI IC3’s Internet Crime Report 2023
What is business email compromise?
BEC involves email-based fraud schemes. Cybercriminals target businesses and then infiltrate or mimic certain employee email accounts with the intent of defrauding the company, or the external companies, clients, or organizations it does business with. The fraud victims can range from individuals to government organizations to businesses of all sizes.
BEC is a phased attack that may occur over the course of several weeks or months. It’s an especially deceptive scheme because the fraudster poses as a known contact, often a fellow employee or a supplier the victim already works with. The scheme can involve defrauding multiple victim companies — the company that was hacked and external companies and individuals.
For example, a hacker may break into a CEO’s email account and send an email to an accounts payable (AP) department employee requesting that payment be sent to a “new vendor” account. Or a hacker may break into the email of a company’s supplier and send routine payment requests with “new payment instructions” that provide payment details for a bank account that belongs to the hacker.