Business Email Compromise

What is Business Email Compromise?

Business Email Compromise is a sophisticated scam where attackers impersonate executives or trusted parties via email to trick employees into transferring funds or revealing sensitive information.

What is Business Email Compromise?

Business Email Compromise (BEC) is a targeted social engineering attack where adversaries impersonate executives, vendors, or trusted parties through compromised or spoofed email accounts. Attackers manipulate employees into making wire transfers, changing payment details, or sharing sensitive data, resulting in billions of dollars in losses annually worldwide.

How do BEC attacks work?

Attackers research target organizations through LinkedIn, press releases, and social media to identify key personnel and business relationships. They compromise email accounts through phishing or credential theft, or register lookalike domains. They then send convincing requests for wire transfers, invoice payments, or sensitive data using established trust relationships.

What are the common types of BEC attacks?

Common types include CEO fraud (impersonating executives to request urgent wire transfers), vendor email compromise (hijacking supplier accounts to redirect payments), attorney impersonation (leveraging legal urgency), W-2 phishing (requesting employee tax information), and real estate transaction fraud (intercepting property closing communications).

How much does BEC cost organizations?

The FBI's IC3 reports BEC as the costliest cybercrime category, with losses exceeding $2.7 billion annually in the US alone. Individual incidents frequently exceed $100,000, and some cases involve losses of tens of millions of dollars. The average loss per BEC incident is significantly higher than in other cyber fraud categories.

How do you prevent BEC attacks?

Prevention requires multi-factor authentication on all email accounts, DMARC/DKIM/SPF email authentication, out-of-band verification for payment changes, dual authorization for wire transfers, employee security awareness training, email filtering for impersonation attempts, and established procedures requiring verbal confirmation of financial requests.

What role does email authentication play in preventing BEC?

SPF, DKIM, and DMARC validate that a message was actually sent by the domain it claims to come from, which blocks exact-domain spoofing. Implementing DMARC at an enforcement policy (p=reject) stops spoofed emails before they reach employees. However, email authentication does not prevent attacks sent from compromised legitimate accounts or from lookalike domains, so additional controls are required.
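Two of the controls named above, DMARC at enforcement and detection of lookalike domains, are easy to check mechanically. The following Python example is added here and is not code from the original page or its authors. It parses a DMARC TXT record and reports whether the policy is actually enforcing (p=quarantine or p=reject with pct=100), and it scores an inbound sender domain against a list of trusted vendor domains, catching both homoglyph substitutions (rn for m, 1 for l, 0 for o) and near-miss spellings. The DNS records, domain names and the 0.85 similarity threshold are constructed sample values, not real lookups or a vendor's settings.

```python
import re
from difflib import SequenceMatcher

# Constructed sample DMARC TXT records, keyed by the name they would live at.
# These are illustrative values, not real DNS lookups.
SAMPLE_TXT_RECORDS = {
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100",
    "_dmarc.weak-example.com": "v=DMARC1; p=none; rua=mailto:dmarc@weak-example.com",
    "_dmarc.partial-example.com": "v=DMARC1; p=quarantine; pct=10",
}

# Constructed list of domains the finance team is allowed to pay invoices from.
TRUSTED_DOMAINS = ["example.com", "vendor-supplies.net"]

# Single-character substitutions commonly used in lookalike registrations.
_HOMOGLYPH_TABLE = str.maketrans("0135", "oles")


def parse_dmarc(record: str) -> dict:
    """Split a DMARC record into lowercase tag -> value pairs."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_enforcement(record: str):
    """Return (policy, pct) or ("invalid", 0) if the record is malformed."""
    tags = parse_dmarc(record)
    policy = tags.get("p", "").lower()
    if tags.get("v", "").upper() != "DMARC1" or policy not in ("none", "quarantine", "reject"):
        return ("invalid", 0)
    pct = tags.get("pct", "100")
    if not re.fullmatch(r"\d{1,3}", pct):
        return ("invalid", 0)
    return (policy, int(pct))


def is_enforcing(record: str) -> bool:
    """True only when spoofed mail is actually quarantined or rejected for 100% of messages.
    p=none is monitoring only; pct<100 leaves a sampled fraction unprotected."""
    policy, pct = dmarc_enforcement(record)
    return policy in ("quarantine", "reject") and pct == 100


def normalize_domain(domain: str) -> str:
    """Fold common homoglyph tricks so 'exarnp1e.com' compares equal to 'example.com'."""
    d = domain.strip().lower().rstrip(".")
    d = d.replace("rn", "m").replace("vv", "w")
    return d.translate(_HOMOGLYPH_TABLE)


def lookalike_score(candidate: str, trusted: str):
    """Classify a sender domain relative to one trusted domain.
    Returns (verdict, similarity) with verdict in exact/homoglyph/lookalike/unrelated."""
    c, t = normalize_domain(candidate), normalize_domain(trusted)
    if c == t:
        verdict = "exact" if candidate.strip().lower() == trusted.strip().lower() else "homoglyph"
        return (verdict, 1.0)
    ratio = SequenceMatcher(None, c, t).ratio()
    # 0.85 is an assumed threshold; tune it against your own false-positive rate.
    return ("lookalike" if ratio >= 0.85 else "unrelated", round(ratio, 3))


def classify_sender(sender_domain: str, trusted_domains=TRUSTED_DOMAINS):
    """Return the first suspicious (or exact) match against the trusted list.
    Note: an 'exact' match only means the domain is right; per the text above,
    a compromised legitimate account still passes this and every DMARC check."""
    for trusted in trusted_domains:
        verdict, _ = lookalike_score(sender_domain, trusted)
        if verdict != "unrelated":
            return (verdict, trusted)
    return ("unrelated", None)


if __name__ == "__main__":
    for name, record in SAMPLE_TXT_RECORDS.items():
        print(f"{name}: policy={dmarc_enforcement(record)} enforcing={is_enforcing(record)}")
    for sender in ["example.com", "exarnple.com", "examp1e.com", "example.co", "unrelated.org"]:
        print(f"{sender}: {classify_sender(sender)}")
```

Run it as a script to see each sample record classified; in a mail pipeline you would feed `classify_sender` the domain from the RFC 5322 From: header and route anything other than "exact" to a quarantine or a manual review queue, while `is_enforcing` is the check to run against your own domain's `_dmarc` record after deployment.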

How does BEC relate to social engineering testing?

Social engineering assessments simulate BEC attacks to evaluate employee susceptibility and organizational controls. Testers craft realistic impersonation emails targeting finance teams, test out-of-band verification procedures, evaluate email filtering effectiveness, and measure employee response to fraudulent requests. Results inform training and control improvements.

What should you do if you suspect a BEC attack?

Immediately contact the financial institution to attempt fund recovery (time is critical), report to the FBI IC3, preserve all emails and communication records, investigate how the attacker gained access or information, reset compromised account credentials, notify affected parties, and review and strengthen verification procedures to prevent recurrence.

How To Get Started

Ready to strengthen your security? Fill out our quick form, and a cybersecurity expert will reach out to discuss your needs and next steps.