Business Email Compromise (BEC) is a sophisticated type of cyber attack that targets businesses and individuals who perform wire transfer payments. The aim of these attacks is to trick the victim into making a bank transfer or revealing sensitive information to the attacker, who is masquerading as a trusted entity. This form of cybercrime has seen a significant rise in recent years, causing substantial financial losses to businesses worldwide.

The term BEC is often used interchangeably with Email Account Compromise (EAC), which is a similar type of attack. However, the main difference lies in the target; while BEC attacks primarily target businesses, EAC attacks can target individuals as well. These cyber attacks exploit the fact that people are often the weakest link in the security chain, and rely heavily on social engineering techniques to succeed.

Types of Business Email Compromise (BEC) Attacks

There are several types of BEC attacks, each with its own unique characteristics and methods. Understanding these different types can help businesses and individuals better protect themselves against these threats.

Common types of BEC attacks include CEO Fraud, Bogus Invoice Scheme, Account Compromise, Attorney Impersonation, and Data Theft. CEO Fraud and the Bogus Invoice Scheme are discussed in detail in the following sections.

CEO Fraud

CEO Fraud, also known as Whaling, is a type of BEC attack where the attacker impersonates a high-ranking executive within the company. The attacker typically sends an email to an employee in the finance department, requesting an urgent wire transfer to a specified account.

The email is designed to look like it came from the CEO or another high-ranking executive, and often includes a sense of urgency or secrecy to pressure the recipient into complying without questioning the request. This type of attack can be very effective, as employees are less likely to question requests that appear to come from their superiors.

Bogus Invoice Scheme

In a Bogus Invoice Scheme, the attacker impersonates a vendor or supplier that the company regularly deals with. The attacker sends an invoice for a product or service, often with the payment details changed to an account controlled by the attacker.

Because the invoice appears to come from a trusted source, the recipient is likely to pay the invoice without realizing that they are sending money to the attacker. This type of BEC attack can be particularly effective against companies that do not have strong internal controls for verifying and approving invoices.

How BEC Attacks Work

BEC attacks rely heavily on social engineering techniques to trick the victim into believing that the email is from a trusted source. The attacker will often spend a significant amount of time researching the target to make the email as convincing as possible.

The attacker may use information gathered from social media, company websites, and other public sources to learn about the company’s structure, employees, and business partners. This information can then be used to craft a convincing email that appears to come from a trusted source.

Phishing and Spear Phishing

Phishing and spear phishing are common techniques used in BEC attacks. In a phishing attack, the attacker sends a generic email to a large number of targets, hoping that some of them will fall for the scam. The email often contains a link to a fake website where the victim is asked to enter their login credentials.

Spear phishing, on the other hand, is a more targeted form of phishing. The attacker targets specific individuals or companies, and the email is often personalized to make it more convincing. Spear phishing is commonly used in BEC attacks, as it allows the attacker to target specific individuals within the company who have the authority to make wire transfers or reveal sensitive information.

Email Spoofing

Email spoofing is another technique commonly used in BEC attacks. In an email spoofing attack, the attacker modifies the email header to make it appear as if the email came from a different source. This can make it difficult for the recipient to identify the email as a scam, as it appears to come from a trusted source.

However, there are ways to detect email spoofing. For example, the recipient can check the email header to see if the return path matches the displayed sender’s email address. If the two do not match, this may be a sign of email spoofing.
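The header check described above can be automated. The following Python sketch is an added example, not part of the original article: it compares the domain of the Return-Path header with the domain of the displayed From address, and it goes one step beyond the text by applying the same comparison to Reply-To. The sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; all addresses use reserved example domains.
SPOOFED = (
    "Return-Path: <bounce@mailer.example.net>\n"
    'From: "Jane Doe, CEO" <jane.doe@example.com>\n'
    "Reply-To: jane.doe@example.net\n"
    "To: finance@example.com\n"
    "Subject: Urgent wire transfer\n"
    "\n"
    "Please process this today and keep it confidential.\n"
)
CLEAN = (
    "Return-Path: <jane.doe@example.com>\n"
    "From: Jane Doe <jane.doe@example.com>\n"
    "To: finance@example.com\n"
    "Subject: Q3 report\n"
    "\n"
    "Attached.\n"
)


def address_domain(header_value):
    """Lowercased domain of the address in a header value, or None."""
    if not header_value:
        return None
    _, addr = parseaddr(header_value)
    if "@" not in addr:  # also covers the empty bounce path "<>"
        return None
    return addr.rpartition("@")[2].lower()


def header_mismatches(raw_message):
    """List headers whose domain differs from the displayed From domain."""
    msg = message_from_string(raw_message)
    from_domain = address_domain(msg["From"])
    if from_domain is None:
        return ["From header missing or unparsable"]
    findings = []
    for name in ("Return-Path", "Reply-To"):
        domain = address_domain(msg[name])
        if domain is not None and domain != from_domain:
            findings.append(f"{name} domain {domain} != From domain {from_domain}")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(label, header_mismatches(raw))
```

A mismatch is a signal for review rather than proof of spoofing: mailing lists and bulk mail services legitimately use a separate bounce domain in Return-Path.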

Preventing BEC Attacks

Preventing BEC attacks requires a combination of technical measures and user education. On the technical side, companies can implement email filtering solutions that can detect and block phishing emails and other types of malicious emails. They can also use two-factor authentication (2FA) to add an extra layer of security to their email accounts.

On the user side, education is key. Users should be trained to recognize the signs of a BEC attack, such as unusual requests for wire transfers or changes in payment details. They should also be encouraged to verify any suspicious emails by contacting the supposed sender through a separate communication channel.

Technical Measures

There are several technical measures that companies can take to protect themselves against BEC attacks. One of the most effective measures is the use of email filtering solutions. These solutions can detect and block phishing emails, as well as emails that contain malicious attachments or links.

Another effective measure is the use of two-factor authentication (2FA). With 2FA, users are required to provide two forms of identification when logging in to their email account. This can significantly reduce the risk of account compromise, as the attacker would need both the user’s password and the second form of identification to gain access to the account.

User Education

User education is a critical component of any cybersecurity strategy. Users should be trained to recognize the signs of a BEC attack, such as unusual requests for wire transfers or changes in payment details. They should also be encouraged to verify any suspicious emails by contacting the supposed sender through a separate communication channel.

Regular training sessions can help keep users up-to-date on the latest BEC tactics and techniques. These sessions can also provide users with the opportunity to ask questions and discuss any concerns they may have about BEC attacks.

Responding to BEC Attacks

If a company falls victim to a BEC attack, it’s important to respond quickly to minimize the damage. The company should immediately contact its bank to stop the fraudulent transfer, and report the incident to local law enforcement and the FBI’s Internet Crime Complaint Center.

The company should also conduct a thorough investigation to determine how the attack occurred and what steps can be taken to prevent future attacks. This may involve reviewing email logs, interviewing employees, and conducting a forensic analysis of the compromised email account.

Contacting the Bank

If a company falls victim to a BEC attack, one of the first steps they should take is to contact their bank. The bank may be able to stop the fraudulent transfer if it has not yet been completed. The company should provide the bank with all the information they have about the attack, including the date and time of the transfer, the amount transferred, and the account to which the money was transferred.

Even if the bank is unable to stop the transfer, they can still provide valuable assistance. For example, they can help the company track the money and identify the recipient. They can also provide advice on what steps the company should take next.

Reporting the Incident

Reporting the incident to local law enforcement and the FBI’s Internet Crime Complaint Center is another important step. Law enforcement can investigate the incident and may be able to recover some or all of the stolen funds. They can also provide advice and assistance on how to prevent future attacks.

The FBI’s Internet Crime Complaint Center collects data on cyber crimes, including BEC attacks. By reporting the incident, companies can help the FBI track and investigate these crimes. This can lead to the identification and prosecution of the criminals behind the attacks, and can also contribute to the development of new strategies and techniques for preventing BEC attacks.

Conclusion

Business Email Compromise (BEC) is a serious threat to businesses and individuals alike. These attacks can result in substantial financial losses, and can also damage a company’s reputation. However, with the right measures in place, companies can significantly reduce their risk of falling victim to a BEC attack.

Preventing BEC attacks requires a combination of technical measures and user education. Companies should implement email filtering solutions and two-factor authentication to protect their email accounts, and should also provide regular training to their users to help them recognize and respond to BEC attacks. If a company does fall victim to a BEC attack, it’s important to respond quickly to minimize the damage and prevent future attacks.
