What is BEC
Business email compromise (BEC) is a type of email cyber crime scam in which an attacker targets businesses to defraud the company. Business email compromise is a large and growing problem that targets organizations of all sizes across every industry around the world. BEC scams have exposed organizations to billions of dollars in potential losses.
Email account compromise (EAC), or email account takeover, is a related threat that is accelerating in an era of cloud-based infrastructure. EAC is often associated with BEC because compromised accounts are used in a growing number of BEC-like scams (though EAC is also the basis of other kinds of cyber attacks).
BEC and EAC are difficult to detect and prevent, especially with legacy tools, point products and native cloud platform defenses.
Types of Business Email Compromise
The FBI defines 5 major types of BEC scams:
- CEO Fraud: Here the attackers position themselves as the CEO or executive of a company and typically email an individual within the finance department, requesting funds to be transferred to an account controlled by the attacker.
- Account Compromise: An employee’s email account is hacked and is used to request payments to vendors. Payments are then sent to fraudulent bank accounts owned by the attacker.
- False Invoice Scheme: Attackers commonly target foreign suppliers through this tactic. The scammer acts as if they are the supplier and request fund transfers to fraudulent accounts.
- Attorney Impersonation: This is when an attacker impersonates a lawyer or legal representative. Lower level employees are commonly targeted through these types of attacks where one wouldn’t have the knowledge to question the validity of the request.
- Data Theft: These types of attacks typically target HR employees in an attempt to obtain personal or sensitive information about individuals within the company such as CEOs and executives. This data can then be leveraged for future attacks such as CEO Fraud.
How Do BEC Attacks Work?
In BEC attacks, the attacker poses as someone the recipient should trust—typically a colleague, boss or vendor. The sender asks the recipient to make a wire transfer, divert payroll, change banking details for future payments and so on.
BEC attacks are difficult to detect because they don’t use malware or malicious URLs that can be analyzed with standard cyber defenses. Instead, BEC attacks rely instead on impersonation and other social engineering techniques to trick people interacting on the attacker’s behalf.
Because of their targeted nature and use of social engineering, manually investigating and remediating these attacks is difficult and time consuming.
BEC attacks use a variety of impersonation techniques, such as domain spoofing and lookalike domains. These attacks are effective because domain misuse is a complex problem. Stopping domain spoofing is hard enough—anticipating every potential lookalike domain is even harder. And that difficulty only multiplies with every domain of an outside partner that could be used in a BEC attack to exploit users’ trust.
