In BEC attacks, the attacker poses as someone the recipient should trust—typically a colleague, boss or vendor. The sender asks the recipient to make a wire transfer, divert payroll, change banking details for future payments and so on.
BEC attacks are difficult to detect because they don’t use malware or malicious URLs that can be analyzed with standard cyber defenses. Instead, BEC attacks rely instead on impersonation and other social engineering techniques to trick people interacting on the attacker’s behalf.
Because of their targeted nature and use of social engineering, manually investigating and remediating these attacks is difficult and time consuming.
BEC attacks use a variety of impersonation techniques, such as domain spoofing and lookalike domains. These attacks are effective because domain misuse is a complex problem. Stopping domain spoofing is hard enough—anticipating every potential lookalike domain is even harder. And that difficulty only multiplies with every domain of an outside partner that could be used in a BEC attack to exploit users’ trust.