What Is Business Email Compromise (BEC)


What is BEC (Business Email Compromise)

Business Email Compromise, or BEC, is a type of cybercrime in which scammers use email to trick the recipient into either sending money or divulging sensitive company information. The scammers pose as a legitimate figure from the company and ask for payment of a fake bill or for sensitive information, which they can then use in another scam. With remote working, such attacks are on the rise.

Types of BEC scams

Emails are the originating point for 91% of cyber attacks. In the next couple of sections we will learn more about some of the common types of scams.

 

 

Theft of Data

In these types of scams, the HR department is usually the target. Scammers try to obtain sensitive company information such as someone’s roster or personal phone number. This in turn makes it easier for them to sound believable and therefore gain the trust of their victims.

False invoice scam

Scammers will pose as a legitimate vendor that the company does business with. The scammer will then email a fake bill that looks very much like a real one, even though the account number might be off by one digit. They could also ask you to pay the invoice into a different account, on the pretext that your bank is currently being audited.
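A finance-side check for the two tells described above (an account number off by one digit, or a request to pay into a different account), as an added example that is not part of the original article. The vendor names, account numbers and the `check_invoice` helper are constructed for illustration.

```python
# Added example: compare the bank account on an incoming invoice with the
# vendor master record. All vendor ids and account numbers are constructed.
from dataclasses import dataclass

# Constructed vendor master file: vendor id -> account verified out of band
VENDOR_MASTER = {
    "ACME-SUPPLIES": "4401882376",
    "NORTHWIND-LOGISTICS": "7730015529",
}


@dataclass
class Verdict:
    status: str  # "ok", "hold" or "unknown-vendor"
    reason: str


def normalise(account: str) -> str:
    """Strip spaces and dashes so formatting cannot hide a mismatch."""
    return "".join(ch for ch in account if ch.isalnum()).upper()


def digit_differences(a: str, b: str) -> int:
    """Count positions where two equal-length account numbers differ."""
    return sum(x != y for x, y in zip(a, b))


def check_invoice(vendor_id: str, invoice_account: str) -> Verdict:
    """Return a payment verdict for the account printed on an invoice."""
    known = VENDOR_MASTER.get(vendor_id)
    if known is None:
        return Verdict("unknown-vendor", "vendor not in master file")
    known, seen = normalise(known), normalise(invoice_account)
    if seen == known:
        return Verdict("ok", "account matches verified record")
    # Near miss: same length with one changed digit, or two (a swapped pair).
    if len(seen) == len(known) and digit_differences(seen, known) <= 2:
        return Verdict("hold", "account is a near match of the verified one")
    return Verdict("hold", "account differs from verified record; confirm by phone")
```

A "hold" verdict is the point at which the payment is confirmed with the vendor on a phone number already on file, not one taken from the email or invoice.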

 

CEO Fraud

The email account of a CEO is usually spoofed or hacked by scammers. Once the account is compromised or spoofed, emails are sent to employees instructing them to make a purchase or send money via wire transfer. The scammers could even ask an employee to purchase gift cards and send them pictures of the serial numbers so that they can redeem them.

Lawyer impersonation

In this type of BEC attack, scammers gain unauthorized access to a legitimate email account at a law firm. They then send emails to clients with an invoice or a link to pay online. The email might come from a legitimate source, but the links inside may not lead to a legitimate destination.

Account compromise

The last type of attack is where scammers use malware or phishing to gain access to the account of someone in the company's finance department, such as a finance clerk. Once the account is compromised, scammers send fake emails from that company requesting payment to a fraudulent bank account.

Reach out to us on [email protected] to discuss training options for your employees, in order to keep your sensitive information safe.

Video: https://www.youtube.com/watch?v=5GU03qJbvn4

