Business Email Compromise (BEC)

What is a Business Email Compromise (BEC)?
Any recent search on YouTube for scams will probably turn up a video or two about this growing type of fraud. The most famous exposed business email compromise scammer and Instagram influencer was Hushpuppi. Still, many more organized and highly sophisticated cybercriminals are operating behind the scenes without flashing their ill-gotten wealth. So, what is a business email compromise, or BEC? BEC is a type of email scam in which cybercriminals target a business in order to defraud the company.
A BEC attack is designed to gain access to critical business information or to extract money. BEC depends on employees trusting emails that appear to come from a trusted business associate, such as a manager, director, vice-president, or C-level executive. These compromised or spoofed emails may also appear to come from business vendors or financial institutions. The emails attempt to convince an employee to reveal critical business or financial information or to process a legitimate-looking payment request.
So how do cybercriminals find their targets? Cybercriminals can build their target lists by mining LinkedIn profiles and corporate websites, sifting through compromised business email databases, and posting those very popular Facebook questionnaires. Additionally, these sophisticated cybercriminals conduct extensive research on corporate officers and executives before launching their attacks.
In 2019, the FBI reported that BEC attacks led to losses of approximately 1.7 billion dollars. The last published report stated that in the first quarter of 2020 alone, over 30,700 organizations were targeted. We suspect this type of fraud surpassed that number in 2021, especially with the increase in work-from-home employees.
Types of Business Email Compromise
C-Level or CEO Fraud: With CEO fraud, the attackers position themselves as the CEO or an executive of a company and typically email an individual within the finance department requesting that funds be transferred to an account controlled by the attacker. The request will come from a slight variation of the executive's legitimate email address, such as [email protected] versus [email protected], to fool the victim into believing the request is authentic.
Account Compromise: Through spear phishing, an employee’s email account is hacked, and a message is sent to a targeted victim to trick them into revealing sensitive information. The cybercriminal could use this account and information to request payments to vendors. The request will usually state that the vendor is changing their payment method or account and include a new routing and account number. The payments will be sent to fraudulent bank accounts owned by the cybercriminal.
False Invoice Scheme: Attackers commonly target foreign suppliers through this tactic. The scammer acts as if they are the supplier and requests that wire payments be redirected into fraudulent accounts. The invoices will appear legitimate and quite convincing, with the only alteration being the fraudulent bank account. They may also create a lookalike domain (LAD) to impersonate the victim's legitimate vendor. Lookalike domain names use character replacements to make them look as close as possible to the domain of a business, brand, or government agency.
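Both the CEO-fraud address variation and the lookalike vendor domain described above rely on a sender domain that is almost, but not exactly, a trusted one. The following is an added example, not code from the original article, of how a mail gateway rule or SOC triage script can flag such senders: it parses the From: header, folds common character swaps (digits for letters, "rn" for "m", Unicode confusables) and measures the edit distance to a list of trusted domains. The trusted domains, the substitution table and the distance threshold are constructed assumptions for illustration; a real deployment would populate them from the organization's own domains and vendor records.

```python
import unicodedata
from email.utils import parseaddr

# Constructed list of domains this organization and its vendors legitimately use.
TRUSTED_DOMAINS = {"examplecorp.com", "acme-supplier.com"}

# Constructed table of character swaps commonly used to build lookalike domains.
# Multi-character keys come first so that "rn" -> "m" is applied before "n" is touched.
SUBSTITUTIONS = [
    ("rn", "m"), ("vv", "w"), ("cl", "d"),
    ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t"), ("8", "b"),
    ("\u0131", "i"),  # dotless i
    ("\u03bf", "o"),  # Greek small omicron
]


def sender_domain(header_value):
    """Return the lowercase domain of a From: header value, or None if unparsable."""
    _, address = parseaddr(header_value)
    if "@" not in address:
        return None
    return address.rsplit("@", 1)[1].lower().strip(".")


def normalize(domain):
    """Fold Unicode confusables and digit/letter swaps so lookalikes collapse onto the original."""
    folded = unicodedata.normalize("NFKC", domain).lower()
    for src, dst in SUBSTITUTIONS:
        folded = folded.replace(src, dst)
    return folded


def edit_distance(a, b):
    """Levenshtein distance between two strings (insert/delete/substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(header_value, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Classify a From: header as 'trusted', 'lookalike' or 'external'.

    'lookalike' is returned when the domain matches a trusted domain after
    confusable folding, sits within max_distance edits of one, or reuses a
    trusted domain's name as a label under someone else's domain
    (e.g. examplecorp.com.evil-example.net).
    """
    domain = sender_domain(header_value)
    if domain is None:
        return "external"
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    labels = domain.split(".")
    for good in trusted:
        if normalize(domain) == normalize(good):
            return "lookalike"
        if edit_distance(domain, good) <= max_distance:
            return "lookalike"
        if good.split(".")[0] in labels:
            return "lookalike"
    return "external"


if __name__ == "__main__":
    # Constructed sample From: headers, not real mail.
    samples = [
        '"CFO" <cfo@examplecorp.com>',
        '"CFO" <cfo@examp1ecorp.com>',
        'Acme Billing <ap@acrne-supplier.com>',
        'Acme Billing <ap@acme-supplier.com.evil-example.net>',
        'Newsletter <news@unrelated-domain.org>',
    ]
    for header in samples:
        print(f"{classify_sender(header):10s} {header}")
```

A hit on "lookalike" is a signal for quarantine or manual review rather than proof of fraud: a distance threshold of 2 will also catch legitimately similar third-party domains, so tune it per environment. Note that this check covers only near-miss domains; exact spoofing of the trusted domain itself is the job of SPF, DKIM and DMARC enforcement.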
Attorney Impersonation: This is when an attacker impersonates a lawyer or legal representative inside or outside the organization. Subordinate employees are commonly targeted through these types of attacks since they are less likely to question the validity of the request.
Data Theft: These attacks typically target human resources employees to obtain personal or sensitive information about individuals within the company, such as the CEO, executives, and finance or procurement employees. This data can then be leveraged for future attacks such as C-level or wire transfer fraud. This method of fraud is also used to obtain sensitive information on other employees, such as copies of their W-2 forms, Social Security numbers, and home addresses, which can be used for tax identity fraud and other forms of identity theft.