What is a Business Email Compromise (BEC) Attack?

A business email compromise (BEC) attack is an exploit where an attacker obtains access to a business email account or spoofs emails to impersonate specific individuals. It’s a sophisticated scam that imitates the owner’s identity with a believable email asking for funds.

According to an FBI report, Business Email Compromise (BEC) attacks are the most financially devastating type of cyberattack, accounting for approx. $1.8 billion in losses. They mostly target companies that regularly deal with internal wire transfers in large quantities. BEC scams are considered the most dangerous because of their high success rate.

Business Email Compromise examples & techniques

  • Email Spoofing – act of sending emails with a forged sender address.
  • Scams – Gift Card Scams, Advanced Payment Scam, etc.
  • Spear Phishing – Pose as a trusted source to convince victims to disclose confidential data.
  • Fake Invoice Scheme – attacker pretends to be a seller requesting fund transfers for payments to an account owned by fraudsters.
  • Attorney Impersonation
  • Account Compromise
  • Fake Account Update
  • Malware attack

Prevent Business Email Compromise (BEC) attacks

  • Implement DMARC with DMARC Policy
  • Payment Verification
  • Multi or Two-Factor Authentication
  • Use Internal Account Controls
  • Deploy Phishing Training
  • Verification before sending money or data
  • Double-check the sender’s email address
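
One way to automate the DMARC and sender-address checks from the list above, as an added example that is not code from the original page. The sample message, its domains and the function names are constructed for illustration, and it assumes your receiving mail server stamps an Authentication-Results header with a known authserv-id.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every name, domain and header value here is made up.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mailer.example.org; dmarc=fail header.from=example.com
From: "Dana Reyes, CFO" <dana.reyes@example.com>
Reply-To: dana.reyes@examp1e-mail.test
To: ap@example.com
Subject: Urgent wire transfer today

Please process the attached invoice before noon.
"""

def domain_of(header_value):
    """Lowercased domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def dmarc_result(msg, authserv_id):
    """DMARC verdict from the Authentication-Results header our own server added.

    Headers carrying any other authserv-id are ignored: a sender can pre-insert
    a forged 'dmarc=pass' line.
    """
    for value in msg.get_all("Authentication-Results", []):
        server, _, results = str(value).partition(";")
        if server.strip().lower() != authserv_id:
            continue
        match = re.search(r"\bdmarc=(\w+)", results, re.IGNORECASE)
        if match:
            return match.group(1).lower()
    return "missing"

def bec_flags(raw, own_domains, authserv_id):
    """Reasons (possibly none) to verify this message out of band before acting."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    verdict = dmarc_result(msg, authserv_id)
    flags = []
    if verdict != "pass":
        flags.append(f"dmarc={verdict}")
    if reply_dom and reply_dom != from_dom:
        flags.append(f"reply-to domain {reply_dom} differs from {from_dom}")
    if from_dom in own_domains and verdict != "pass":
        flags.append("internal sender address without a DMARC pass")
    return flags
```

Calling `bec_flags(SAMPLE, {"example.com"}, "mx.example.net")` returns three flags for the constructed message; an empty list means none of these checks fired, not that the request is genuine, so payment verification still applies.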

Report against Business Email Compromise (BEC)

Report the attack by visiting http://ftc.gov/complaint. It helps the FTC stop future fraud and accurately forecast threat trends. Or forward the message directly to the FTC at reportphishing@apwg.org.