Business Email Compromise is a fraud method that uses fake business emails to, for example, obtain sensitive data or trigger financial transactions. Cybercriminals send emails that appear to be from employees, executives, or business partners and ask the recipient to perform certain activities for their benefit.
What is Business Email Compromise (BEC)?
The abbreviation for business email compromise is BEC. An alternative term sometimes used is CEO Fraud. Business Email Compromise is a scam that uses spoofed emails or unauthorized access to business email accounts.
Cybercriminals send emails with business content that appear to be from executives, employees, partners, customers or service providers. They ask the recipient to perform a specific action in their favor. Believing the message to be authentic and actually coming from the given sender, the email recipient discloses, for example, confidential or sensitive data or performs a business transaction such as transferring money to a communicated account.
The fraudsters use fake business correspondence to reach their criminal target. Potential victims of Business Email Compromise can be businesses, organizations, or public entities. BEC is an online threat with great potential for financial damage.
Process and types of Business Email Compromise
To impersonate a specific email sender, criminals use various methods. They engage in email spoofing to pretend an identity, use a previously hijacked email account to send messages, or forge email signatures. The cybercriminals have obtained the information needed for this via social engineering, spear-phishing, malware, or via publicly available information sources and other methods.
Based on the insider information and known names of executives, customers, partners, or employees, authentic-looking emails are composed. Business email compromise comes in several varieties. The fake business emails originate, for example:
- From a supplier requesting that an outstanding invoice be paid
- From a member of the company’s management or the CEO, asking an employee to make a payment or provide him with data
- From a customer of the company requesting an outstanding delivery
- By an employee of a company who sends fake invoices to customers
- An attorney or other specially authorized person requesting the release of sensitive data.
Typical detection characteristics of BEC
Typical detection characteristics of Business Email Compromise include:
- Email recipients are put under time pressure
- E-mail recipients are requested to maintain confidentiality
- The recipient is asked to make a transaction, transfer money or provide data in a way that deviates from the usual processes.
- The transfer account is located abroad
- The financial transaction cannot be precisely attributed to a company transaction
- The sender uses an unusual form of address or spelling
- There are spelling or grammatical errors in the message
- The sender’s e-mail address or the signature of the message shows slight discrepancies
- Unusual number and date formats are used
- The reply address does not match the sender’s address
BEC protection measures
Common protective measures such as scanning for malicious file attachments or fraudulent sender addresses are usually ineffective against Business Email Compromise. Instead, employees and managers must be made aware of this type of cyber threat. The typical characteristics of BEC messages must be conveyed in training sessions.
A healthy distrust in dealing with business e-mails that request certain transactions is recommended. If in doubt, it helps to check with the sender of the message by telephone. To prevent misuse or hijacking of business email accounts, strong authentication procedures and multi-factor authentication should be used.