The Skysnag Blog

What is Business Email Compromise(BEC)?

October 1, 2022  |  4 min read

It is no surprise that the FBI has labeled Business Email Compromise (BEC) a “$26 billion fraud,” with an average cost to firms of $5.01 million per breach, and the threat keeps on growing. BEC scammers earned more than $1.8 billion in 2020, considerably more than any other sort of cybercrime. In this article, we will be looking at some of the most common BEC attacks and how to prevent them. We’ll start with the basics but feel free to jump ahead with the links below.  

Table of Contents

What is Business Email Compromise(BEC)?

Business Email Compromise (BEC) is a type of email fraud in which a malicious actor impersonates a high-level executive or another business-related figure in order to trick employees into transferring money or sharing sensitive information. The goal of a BEC attack is usually to steal money from the target organization, though sensitive data may also be exfiltrated as part of the attack.

Types of BEC

BEC attacks come in many different forms, but all share a common end goal: to trick employees into transferring money or sharing sensitive information.

Some common types of BEC attacks include:

CEO Fraud

In this type of attack, the attacker impersonates a high-level executive such as the CEO or CFO in order to trick an employee into transferring money to a fraudulent account.

Vendor Fraud:

In this type of attack, the attacker impersonates a vendor or other business partner in order to trick an employee into making a payment to a fraudulent account.

W-2 Phishing:

In this type of attack, the attacker impersonates a high-level executive or HR representative in order to trick an employee into sharing sensitive employee information, such as Social Security numbers or dates of birth.

Business Email Spoofing:

In this type of attack, the attacker spoofs the email address of a legitimate business in order to trick employees into clicking on a malicious link or opening a malicious attachment.

Domain Spoofing:

In this type of attack, the attacker registers a domain name that is similar to that of a legitimate business in order to trick employees into clicking on a malicious link or opening a malicious attachment.

How to Prevent BEC?

There are a number of steps organizations can take to prevent BEC. Some of these steps include:

Implement email authentication: Email authentication, such as SPF, DKIM, and DMARC, can help prevent email spoofing, a common type of BEC.

Educate employees: Employees should be educated on the risks of BEC and what to look for in a suspicious email. Raising awareness about the importance of not clicking on links or opening attachments from unknown senders is also crucial.

Implement a comprehensive security solution: A comprehensive security solution, such as a next-generation firewall, can help protect against a variety of BEC attacks.

Monitor for suspicious activity: Suspicious activity, such as large wire transfers or changes to vendor payment information, should be monitored and flagged for further investigation.

How Do BEC Attacks Work?

1. Identify the target victim.

BEC attacks usually begin with a phishing email. During this stage, an attacker researches the victim to develop an accurate profile of the company through sites like LinkedIn, Facebook, Google, etc.

2. Grooming

Equipped with the right information, the attacker will spoof the email address of a high-level executive or other business-related figure using social engineering tactics and send a message to employees asking them to transfer money or share sensitive information.

3. Exchange of Information

The message may look like it is coming from a legitimate sender and the victim is convinced that he is conducting a legitimate business transaction, but it will usually contain typos or other red flags that should be a cause for suspicion.

4. Payment

If an employee falls for the attack and transfers money or shares sensitive information, the attacker will then have access to the organization’s finances or sensitive data. The attacker may then use this information to steal money from the organization or commit identity theft by transferring the funds into a bank account controlled by the criminal organization.

What Are the Consequences of a BEC Attack?

BEC attacks can have a devastating effect on an organization. If an attacker is able to gain access to an organization’s finances, they may be able to transfer money out of the organization’s accounts. This can lead to significant financial losses for the organization. In addition, if an attacker is able to gain access to sensitive employee information, they may be able to commit identity theft. This can have a major impact on the employees whose information has been compromised, as well as the reputation of the organization.

How to Respond to a BEC Attack?

If you believe that you have been the victim of a BEC attack, follow these steps:

1. Notify your bank: If you have been tricked into transferring money to a fraudulent account, you should notify your bank immediately. They will be able to help you to recover the money that has been stolen.

2. Notify the police: You should also notify the police of the attack. They may be able to help you recover any money that has been stolen and will also be able to investigate the attack.

3. Notify your employees: If you have been tricked into sharing sensitive employee information, you should notify your employees of the attack. They may be at risk of identity theft and will need to take steps to protect themselves.

4. Notify your vendors: If you have been tricked into sharing sensitive vendor information, you should notify your vendors of the attack. They may be at risk of fraud and will need to take steps to protect themselves.

5. Notify your customers: If you have been tricked into sharing sensitive customer information, you should notify your customers of the attack. They may be at risk of fraud and will need to take steps to protect themselves.

6. Notify your insurance company: You should also notify your insurance company of the attack. They may be able to cover some of the costs associated with the attack.

7. Implement security measures: Finally, you should implement security measures to prevent future attacks. This may include implementing email authentication, educating employees on email security, and implementing a comprehensive security solution.

Conclusion

Falling victim to damaging malware, ransomware, and phishing assaults has become extremely frequent and severe over the past few years which is why Skysnag is here to protect you. Our automated DMARC solution mitigates the impact of phishing, ransomware, and malware attacks while avoiding BEC attacks.

Get started with Skysnag and sign up using this link to completely secure your email and ensure your organization remains free of cybercriminal activity. 

Enforce DMARC, SPF and DKIM in days - not months

Skysnag helps busy engineers enforce DMARC, responds to any misconfigurations for SPF or DKIM which increases email deliverability, and eliminates email spoofing and identity impersonation.

Check your domain’s DMARC security compliance