What is a Business Email Compromise?

Business email compromise (BEC) attacks, also known as BEC fraud, are an internet crime that uses email to carry out criminal tactics such as invoice scams, spear phishing, and spoofing in order to gather information and data that cybercriminals then use for further activities.

BEC scams target organizations by impersonating a high-level employee of the organization, such as a CEO or CFO, who can authorize wire transfers or other financial transactions. The attacker asks the victim, typically someone in the finance department, to wire a specific amount of money to fraudulent accounts at offshore financial institutions.

These phishing attacks and email scams do not just happen overnight. They are well thought out and planned.

Cybercriminals' Preparation & Education

The attackers study an organization, its employees, and its financial transaction methods before selecting a victim. These scams need months of preparation, social engineering, and phishing skills. Their approach relies on exploiting deference to the chain of command to get money into their accounts: an employee in the finance or human resources department may not question a request made by a top-level employee. Here are the ways a BEC attack can be carried out:

Scam Attacks by Impersonation

In an impersonation attack, the scammer studies the organization and chooses a victim who will not question requests or transactions authorized by a top-level executive such as the CEO. The scammer studies not only the victim but also the higher-up executives, and then sends the victim an email along the lines of 'URGENT - I'm stuck in a business meeting and will be out of reach for the next few hours. Transfer $XXXXX to bank account number #XXXXXXXX ASAP.' An employee who receives an email like this and does not take the time to check its authenticity will end up transferring funds to the attacker's account. Here are a few ways to avoid phishing emails and email account compromise:

Verify the email address. If the email domain looks similar but does not belong to the organization, raise a flag. Pass the message on to the IT department.

Start filtering out and blocking emails from domains that look like your organization's.

Always try to verify the authenticity of the email account and its content with your colleagues or superiors.
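One way to implement the domain check and filtering described above, as an added example that is not part of the original article: a Python classifier that decodes punycode, folds homoglyphs and digit substitutions, and measures edit distance against the organization's real domain (example.com is an assumed value, as is the homoglyph table), so lookalike senders can be flagged for review instead of delivered.

```python
import re
import unicodedata
from email.utils import parseaddr

# Domains that legitimate internal mail comes from (constructed example value).
ORG_DOMAINS = {"example.com"}

# Digits and symbols commonly swapped for the letters they resemble (assumed table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(domain: str) -> str:
    """Fold a domain to a plain-ASCII form so visual lookalikes compare equal."""
    try:  # decode punycode (xn--) labels back to their Unicode form first
        domain = domain.encode("ascii").decode("idna")
    except (UnicodeError, ValueError):
        pass
    folded = unicodedata.normalize("NFKD", domain.lower()).encode("ascii", "ignore").decode()
    folded = folded.translate(HOMOGLYPHS)
    return folded.replace("rn", "m").replace("vv", "w")


def levenshtein(a: str, b: str) -> int:
    """Edit distance; one edit away from the real name is treated as a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Return 'internal', 'lookalike' or 'external' for a raw From: header value."""
    _, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if not domain:
        return "lookalike"  # an unparseable sender deserves a human look, not delivery
    if any(domain == org or domain.endswith("." + org) for org in ORG_DOMAINS):
        return "internal"
    norm = normalize(domain)
    labels = re.split(r"[.-]", norm)  # example-payments.com -> example, payments, com
    for org in ORG_DOMAINS:
        name = org.rsplit(".", 1)[0]  # assumes a simple second-level org domain
        if norm == normalize(org) or name in labels:
            return "lookalike"
        if levenshtein(norm.rsplit(".", 1)[0], name) <= 1:
            return "lookalike"
    return "external"
```

A mail gateway rule can route anything classified as lookalike to quarantine or tag it for the IT department, which is the flag the tips above ask for.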

Credential Compromise

In a credential compromise attack, the attacker uses social engineering and phishing to obtain the victim's username and password. It can play out in two ways:

  • Compromising a top-level executive's account - someone who can authorize a payment
  • Compromising an employee's account - someone who does wire transfers and transactions daily

Supplier Fraud by Account Compromise

Cybercriminals can impersonate a supplier associated with the company. An employee (the victim) receives an email from the impersonated supplier's (the attacker's) email account requesting funds or payment via wire transfer. Any employee who does not verify the authenticity of the email can fall prey to this scam and might end up causing millions of dollars in losses to the company. The attack might not be aimed at money but can instead result in a data breach: the attacker could ask for business details and other confidential information through phishing emails, and that information is then used to plan and carry out the real attack. While multi-factor authentication (MFA) can help close those security gaps, it is not 100 percent effective, as cybercriminals continue to evolve and cyber threats increase. Spammers and hackers keep adding new credential-phishing techniques that capture usernames, passwords, and verification codes and use them instantly to commit fraud.

The FBI released an alert saying that organizations have lost upwards of $12 billion to BEC scams. Such a loss can also damage a company's reputation for having poor IT practices and weak security awareness training. Don't be a victim of a compromised account. If you receive an email with a suspicious link in the content, we advise you to scan the URL on CheckPhish.ai to check whether it is a phishing scam or a clean page.