2,000 U.S. People a Day are Being Victimized by Wire Fraud
The stolen funds are benefiting criminals across the globe, enabling their operations and harming innocent individuals.
Together, We Can Stop Wire Fraud
Business Email Compromise (BEC) Explained
1. What is BEC?
Business Email Compromise (BEC) is a sophisticated form of cybercrime where attackers impersonate executives, employees, vendors, or trusted business contacts to trick companies into transferring funds or sharing sensitive information. BEC schemes typically rely on social engineering rather than technical hacking.
2. How Does BEC Work?
BEC attacks generally follow these steps:
Research & Reconnaissance: Attackers gather information on the target company and its personnel. They may study social media, corporate websites, and email addresses to identify key executives, employees, and vendors.
Spoofing or Hacking an Email Account: Attackers either hack an employee’s email account (through phishing) or "spoof" it, making it appear as though the email is coming from a legitimate source.
Impersonation & Deception: The attacker poses as an executive, vendor, or other trusted figure and sends an email with a sense of urgency, requesting a wire transfer, invoice payment, or sensitive data.
The "Ask": The attacker requests a payment, sometimes providing a fake invoice or pretending that payment details have changed. The victim is often pressured to act quickly to avoid delays or penalties.
The Theft: If successful, the attacker receives the funds, which are typically moved through a chain of bank accounts to obscure the final destination.
3. Common Types of BEC Schemes
CEO Fraud: Attackers impersonate a CEO or senior executive and order employees to make urgent payments.
Invoice Fraud: Attackers pretend to be a supplier or vendor, providing "updated" payment details.
Account Compromise: An employee’s email account is hacked, and the attacker uses it to request payments or sensitive information.
Attorney Impersonation: Attackers pose as legal representatives to pressure employees into paying quickly to avoid "legal consequences."
Payroll Diversion: Attackers request changes to an employee's direct deposit information, sending wages to the attacker’s account.
4. Why Is BEC So Effective?
Impersonation of Authority Figures: People are more likely to comply with urgent requests from senior executives.
Urgency & Pressure: Attackers create a sense of urgency, pushing employees to bypass standard verification procedures.
Trust Exploitation: Since emails appear to come from trusted individuals, employees are less likely to question the requests.
5. The Financial Impact of BEC
Global Losses: BEC attacks have caused more than $50 billion in losses globally since 2013.
Large Payouts: Individual attacks can range from thousands to millions of dollars, often targeting large companies with high cash flow.
Irrecoverable Losses: Once the funds are transferred to foreign accounts, recovery is often impossible.
6. Prevention & Protection Against BEC
Email Security Tools: Implement email authentication (like DMARC, SPF, and DKIM) to reduce email spoofing.
Verification Procedures: Use multi-step verification for large payments, requiring verbal confirmation from executives or vendors.
Employee Training: Teach employees how to recognize BEC scams, including signs of urgency, email spoofing, and unusual payment requests.
Account Monitoring: Regularly review bank transactions to spot unusual wire transfers.
Fraud Response Plan: Have a procedure in place to react quickly to suspected BEC incidents to stop payments before they settle.
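As an added example (not part of the original page), the following Python sketch shows how a mail team could triage one inbound message for the warning signs listed above: failed SPF/DKIM/DMARC checks, a Reply-To domain that differs from the sender's, urgency wording, and payment-change wording. The sample message, the example.com/example.net domains, and the keyword lists are constructed assumptions, and the Authentication-Results header is assumed to have been added by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message for illustration only; all names and domains are placeholders.
SAMPLE = """\
From: "Jane Doe, CEO" <jane.doe@example.com>
Reply-To: jane.doe@example.net
To: accounts-payable@example.com
Subject: Urgent wire transfer needed today
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com

Please process this payment immediately. Our bank details have changed; use the new account on the attached invoice.
"""

# Assumed keyword lists; tune them to your own organization's mail.
URGENCY = re.compile(r"\b(urgent|immediately|right away|asap|today)\b", re.I)
PAYMENT = re.compile(r"\b(wire transfer|invoice|payment|bank details|direct deposit)\b", re.I)
AUTH = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

def domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw):
    """Return a list of BEC warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    # Only trust this header when your own receiving server wrote it.
    auth_header = msg.get("Authentication-Results", "")
    results = {k.lower(): v.lower() for k, v in AUTH.findall(auth_header)}
    for mech in ("spf", "dkim", "dmarc"):
        if results.get(mech) != "pass":
            findings.append(f"{mech}={results.get(mech, 'missing')}")
    # Replies silently routed to a different domain than the visible sender.
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from {from_dom}")
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    if URGENCY.search(text):
        findings.append("urgency language")
    if PAYMENT.search(text):
        findings.append("payment or account-change request")
    return findings

if __name__ == "__main__":
    for finding in bec_indicators(SAMPLE):
        print("FLAG:", finding)
```

A message that trips these checks is a candidate for the verbal-confirmation step, not proof of fraud; a message sent from a genuinely compromised account can pass every authentication check.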
7. Notable Examples of BEC Attacks
Toyota Boshoku: Lost $37 million in a BEC scam in 2019.
FACC (Austrian Aerospace Company): Lost $55 million in 2016 after attackers impersonated the CEO.
Ubiquiti Networks: Lost $46.7 million in 2015 after receiving fraudulent payment requests from impostors.
8. Reporting BEC Incidents
If you or your business becomes a victim of a BEC attack, you should:
Report the crime to the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov.
Notify local authorities and law enforcement agencies.
Inform your IT department to check for system breaches.
Stopping wire fraud through actionable solutions.
Supporting victims and helping them recover losses.
Advocating for changes to protect all Americans from this growing threat.