Guarding Against BEC: Understanding Business Email Compromise


Business Email Compromise (BEC) is a cyber threat that exploits the vulnerabilities of email communication. In business operations, BEC is often used to manipulate individuals within an organization for financial fraud or unauthorized access to sensitive information. Perpetrators impersonate trusted entities, such as executives or vendors, employing social engineering techniques to coerce employees into compromising actions. As businesses increasingly rely on digital communication, it is important to know about BEC to safeguard against potential financial losses and protect the integrity of sensitive data.

What is Business Email Compromise (BEC)?

BEC is a cyber scam in which cybercriminals infiltrate or counterfeit legitimate business email accounts. Leveraging social engineering, email spoofing, and identity fraud, these actors manipulate individuals into making unauthorized fund transfers or divulging confidential Personally Identifiable Information (PII). Spoofed emails involve subtle alterations to legitimate sender addresses or URLs. Impersonating a CEO, CFO, vendor, or attorney is a common tactic, with scammers coercing victims into transferring funds under false pretenses. BEC threats may also include malware concealed in attachments.

How do BEC attacks typically work?

BEC attacks are multifaceted cyber threats that exploit trust and communication within organizations. Initiated through social engineering and email deception, they follow a systematic pattern. A BEC attack typically begins with the cybercriminal gathering information on the targeted company: publicly accessible details about company personnel, including names and titles, extracted from press releases, social media profiles, and website content.

The cybercriminal proceeds to infiltrate the company’s email system through methods like phishing emails or email account spoofing, particularly targeting key employees.

Once access to the email system is secured, the attacker often sends highly focused and urgent emails to employees, coercing them into disclosing sensitive information. This approach often succeeds because recipients, perceiving the email as coming from a trusted source such as a colleague or legal representative, may comply without suspicion. Scammers often pose as the CEO, the CFO, or a vendor. Under such false pretenses, a scammer emails an employee, urgently requesting a fund transfer for a seemingly legitimate business reason.

Malware may also be hidden in attachments. For example, an innocuous-looking invoice attachment could contain malware that compromises the recipient's system when opened and enables unauthorized access. With that access, attackers can redirect payments to bank accounts they control, causing financial losses to the company.

According to Gartner’s 2022 Gone Phishing Tournament Report, a concerning 44% of employees click on email phishing links.

Types of BEC Attacks

BECs come in various forms, each exploiting different tactics to compromise organizations. Here are five common types of BEC attacks:

  1. CEO Fraud: In CEO fraud, cybercriminals impersonate high-ranking executives, typically CEOs or other top-level officials. They send emails to employees, often in finance or accounting, instructing urgent and confidential fund transfers. The deception relies on the authority associated with executive positions.
  2. Invoice Manipulation: This form of BEC involves hackers infiltrating email accounts involved in financial transactions, such as those of vendors or suppliers. The attackers then alter legitimate invoices, redirecting payments to fraudulent accounts. This type preys on the routine nature of invoicing processes.
  3. Attorney Impersonation: BEC scammers, posing as attorneys or legal representatives, send emails claiming urgent legal matters requiring immediate action. This often involves requests for fund transfers to settle supposed legal issues. The fraud leverages the trust associated with legal professionals.
  4. Employee Account Compromise: In this type, cybercriminals gain access to an employee’s email account through various means, such as phishing or credential theft. Once inside, they exploit the compromised account to send seemingly legitimate requests for fund transfers or sensitive information to other employees.
  5. Vendor Email Compromise: BEC attackers target the email accounts of vendors or suppliers associated with the target organization. By infiltrating these accounts, scammers can manipulate ongoing transactions, alter payment details, or misdirect funds, often exploiting the established relationships between the target and its vendors.

Understanding these types of BEC attacks is crucial for organizations seeking to strengthen their defenses.

Phishing vs. Business Email Compromise

Phishing and Business Email Compromise (BEC) are cyber threats, each with distinct characteristics. Phishing involves deceptive tactics, often through fake emails or websites, to trick individuals into divulging sensitive information. In contrast, BEC is a more targeted and sophisticated form of cybercrime where attackers compromise legitimate email accounts to manipulate individuals into unauthorized fund transfers or disclosure of confidential data. While phishing casts a wide net, BEC relies on social engineering, specifically exploiting trust within organizations. Both threats underscore the critical need for cybersecurity measures and user awareness to mitigate the risks associated with deceptive online practices.

How to Identify Potential BEC Scams

Identifying BEC involves recognizing specific red flags and behavioral patterns indicative of potential scams. Here are key indicators to help identify BEC:

  1. Spoofed Communications: Check for spelling errors and domain authenticity in payment requests received via email. Look out for impersonal greetings or unusual grammar in emails.
  2. Use of Personal Accounts: Be cautious if company leaders or vendors communicate through personal accounts.
  3. Urgency: Watch for requests pressuring quick action on data changes or fund transfers.
  4. Relying on Employees’ Response to Authority: BEC often exploits employee conditioning to comply swiftly with requests from executives.
  5. Busy Time Requests: Fraudulent requests may coincide with the end of the workday or week.
  6. Single Form of Communication: Scammers may limit communication channels, citing unavailability via other means.
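A small triage check that scores one incoming message against the first three indicators above (look-alike domain, personal webmail account, urgency language), plus a Reply-To that diverts replies elsewhere and the gateway's DMARC verdict. This is an added example, not code from the original article; the trusted-domain allowlist, the webmail list, the urgency word list and the sample message are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allowlist: the company's own domain and its known vendors.
TRUSTED_DOMAINS = {"example-corp.com", "acme-supplies.com"}
# Consumer webmail domains: an executive or vendor writing from one is a red flag.
PERSONAL_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
URGENCY_WORDS = ("urgent", "immediately", "asap", "right away", "end of day")

def _edit_distance(a, b):  # Levenshtein distance, used to spot typosquatted domains
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _domain(header_value):  # lower-cased domain of a From/Reply-To address
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def bec_indicators(raw_email):
    """Return the BEC red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    findings = []
    from_domain = _domain(msg.get("From", ""))
    reply_domain = _domain(msg.get("Reply-To") or msg.get("From", ""))
    # Look-alike sender: within two edits of a trusted domain, but not equal to it.
    for trusted in sorted(TRUSTED_DOMAINS):
        if from_domain != trusted and _edit_distance(from_domain, trusted) <= 2:
            findings.append(f"lookalike-domain:{from_domain}~{trusted}")
    if from_domain in PERSONAL_WEBMAIL:  # business request from a personal account
        findings.append(f"personal-webmail:{from_domain}")
    if reply_domain != from_domain:  # replies silently diverted elsewhere
        findings.append(f"reply-to-mismatch:{reply_domain}")
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    if any(word in text for word in URGENCY_WORDS):  # pressure to act fast
        findings.append("urgency-language")
    # Gateway's DMARC verdict: fail/none means the visible sender was not authenticated.
    if re.search(r"dmarc=(fail|none)", msg.get("Authentication-Results", "").lower()):
        findings.append("dmarc-not-passed")
    return findings

# Constructed sample: typosquatted CFO address, webmail Reply-To, urgent wire request.
SAMPLE = """From: "CFO" <cfo@examp1e-corp.com>
Reply-To: cfo.office@gmail.com
Subject: Urgent wire transfer needed today
Authentication-Results: mx.example-corp.com; dmarc=none header.from=examp1e-corp.com

Please process the attached invoice immediately. I am in meetings and cannot take calls."""
```

Run `bec_indicators(SAMPLE)` to see all four flags raised at once; a single flag on its own is a prompt to verify the request through another channel, not proof of fraud.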

A compromised email account may present various discernible indicators. Users might observe unintended modifications to their profiles, including changes to their names and contact information. Additionally, inbox rules may appear without user initiation, automatically redirecting emails to folders like Notes or RSS. Another tell-tale sign is when recipients receive emails from the compromised account, but these sent emails do not register in the user’s Sent folder. Moreover, a blocked status on the user’s mailbox for sending emails could indicate a security breach.

How do I protect against BEC?

Safeguarding businesses against BEC requires a proactive and multi-pronged approach. Here are crucial measures to fortify defenses against BEC attacks:

  1. Employee Training: Conduct regular training sessions to raise awareness about BEC threats. Train employees to identify phishing emails, verify unusual requests, and recognize social engineering tactics.
  2. Authentication Procedures: Establish robust procedures for verifying sensitive transactions or requests. Implement dual approval processes for high-risk transactions to add an extra layer of verification.
  3. Communication Verification: Encourage employees to verify unusual requests through alternate communication channels. Establish protocols for independently confirming requests with executives, vendors, or clients through trusted contact information.
  4. Email Filtering and Authentication: Implement advanced email filtering systems to identify and block suspicious emails. Utilize Domain-based Message Authentication, Reporting, and Conformance (DMARC) to authenticate email sources and prevent email spoofing.
  5. Regular Security Audits: Conduct regular security audits to identify vulnerabilities. Engage third-party cybersecurity experts to perform external assessments and identify potential weaknesses.
  6. Incident Response Plan: Develop a comprehensive incident response plan to address BEC incidents promptly. Conduct simulation exercises to ensure employees are well-versed in responding to potential BEC scenarios.
  7. Secure Payment Processes: Implement stringent verification processes for fund transfers and changes to payment details. Thoroughly vet payment change requests, especially those involving alterations to receiving accounts.
  8. User Access Management: Limit the number of employees authorized to approve or conduct sensitive transactions. Implement strict user access controls to minimize the risk of unauthorized actions.
  9. Vendor Security Collaboration: Collaborate with vendors to establish secure communication protocols. Share information about potential BEC threats with relevant partners and suppliers.
  10. Leveraging Technology: Use current software with built-in security features to strengthen email security, prevent data loss, and reduce the risk of fraudulent payments.
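One concrete check for the DMARC part of item 4: a record published with p=none only reports spoofing of your domain, while p=quarantine or p=reject makes receivers act on it. The checker below is an added example, not code from the article; it evaluates an already-fetched DMARC TXT record (no DNS lookup, so it runs offline) and shows a weak record beside a hardened one for a placeholder domain.

```python
# Policies that make receivers act on spoofed mail rather than only report it.
ENFORCING = {"quarantine", "reject"}

def parse_dmarc(record):
    """Split a DMARC TXT record ("v=DMARC1; p=reject; ...") into tag/value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess_dmarc(record):
    """Return whether the record blocks spoofing, plus the weaknesses found."""
    tags = parse_dmarc(record)
    findings = []
    if tags.get("v") != "DMARC1":
        findings.append("missing-or-invalid-version")
    policy = tags.get("p", "").lower()
    if policy not in ENFORCING:  # p=none: spoofed mail is still delivered
        findings.append(f"non-enforcing-policy:{policy or 'absent'}")
    pct = int(tags.get("pct", "100"))  # share of failing mail the policy applies to
    if pct < 100:
        findings.append(f"partial-coverage:pct={pct}")
    sub_policy = tags.get("sp", policy).lower()  # subdomains inherit p unless sp is set
    if sub_policy not in ENFORCING:
        findings.append(f"subdomains-not-enforced:sp={sub_policy or 'absent'}")
    if "rua" not in tags:  # without aggregate reports, spoofing attempts stay invisible
        findings.append("no-aggregate-reporting")
    return {"enforcing": policy in ENFORCING and pct == 100, "findings": findings}

# Constructed records for a placeholder domain: report-only beside enforcing.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example-corp.com"
HARDENED_RECORD = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc-reports@example-corp.com"
```

DMARC only protects your own domain name; a look-alike domain registered by the attacker passes DMARC for that domain, which is why sender verification procedures still matter.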

Takeaway

Understanding the tactics employed by cybercriminals, from email spoofing to social engineering, is essential to preventing losses from BEC. The importance of employee education, secure communication channels, and stringent verification processes cannot be overstated. As BEC continues to adapt, businesses must proactively update their cybersecurity measures to build resilience and protect themselves against financial and reputational harm.
