What Is Business Email Compromise (BEC)?

Business Email Compromise (BEC)

Business Email Compromise (BEC), while not making headlines as much, remains one of the most lucrative and pervasive forms of cybercrime, accounting for an estimated $26 billion in losses alone in 2019.

Criminals use real or fictitious business email addresses to dupe employees into sending money directly into their accounts, creating havoc among small businesses. This type of fraud is particularly devastating.

What Is Business Email Compromise (BEC)?

Business Email Compromise (BEC) has long been one of the most damaging forms of cyberattack. A global problem, this threat targets executives and employees across organizations – making detection and prevention hard because attackers often employ multiple channels when targeting companies.

BEC scams often utilize targeted phishing attacks as well as fake invoices and letters from vendors in order to trick employees into wire transfers or providing sensitive data that will eventually enable money theft from an organization. The aim is for BEC scammers to steal both money and valuable data from organizations they target.

Facebook and Google were recently subject to an attack where criminals impersonated hardware suppliers like Quanta Computer to con them into sending millions of dollars directly into accounts controlled by perpetrators.

Organizations seeking to defend against BEC attacks need visibility into malicious activities on internal systems and cloud services, including account takeover. They should look for security solutions which detect account takeover, use pattern analysis to detect new devices or logins that might be being utilized by an adversarial actor and use pattern detection features that detect account takeover attempts.

Email Account Compromise vs BEC

Email is a vital business communication tool, used for internal discussions as well as external client and customer relationships and sharing sensitive data. Unfortunately, email can also become a target of cybercriminals – one of the fastest-growing and financially damaging Internet-enabled crimes being seen across industries and especially real estate, finance and education industries where transactions involve high value transactions.

Criminals can gain access to legitimate business emails through phishing attacks or by purchasing credentials on the dark web. Once inside an email account, criminals can use it to impersonate trusted individuals and launch fraud or theft campaigns using it as their platform.

BEC scams typically involve financial transactions, such as transferring money from one account to another or wire transfers for purchases; however, attackers can use email to request personal data from employees and customers–this information could include social security numbers, addresses or any other confidential details that could be misused for identity theft or financial gain – this type of attack is known as Email Account Compromise (EAC).

Types of BEC Scams

BEC attacks can be divided into five different categories, such as CEO fraud, invoice fraud, vendor email compromise (VEC), account compromise and business service scams. All of these attacks exploit human nature by using email communication designed to trick victims into parting with money or sensitive data.

Before beginning their attack on a company, hackers gather intelligence by researching publicly available data such as social media accounts, press releases and websites. By gathering as much information on them as possible before initiating their attack plan, they gain an overview of all its internal communication processes as well as employee correspondence habits.

Once a hacker has gained sufficient information about their target company, they will start planning an attack against it. Once ready to strike, they may send emails demanding funds or sensitive data accompanied by false claims of urgency from their victims.

An impersonating vendor scam occurs most commonly and involves cyber criminals requesting payment transfer to an illegitimate account. Employees often find it difficult to tell whether an email from this type of criminal can be trusted or not, therefore using protocols like DMARC can mitigate its impact and limit these attacks.

How Does a BEC Scam Work?

At the core of any Business Email Compromise (BEC) attack lies reconnaissance. Hackers will initially scan LinkedIn profiles and company websites in search of employee details including titles, responsibilities and correspondence habits before identifying which employees can transfer funds between accounts within an organization.

Once hackers have this information, they can craft a phishing email purporting to come from one of these employees and request a transfer of funds – this could be for closing deals, paying invoices late, or buying gift cards for fellow workers.

Employees may not recognize the requests, since they appear legitimate. Attackers use spoofing technologies and lookalike domains to make their emails look real; however, being vigilant and constantly reminded what to watch out for will increase the chance that illegitimate email requests will be noticed by employees. Implementing authentication protocols like DMARC and other filters may also help filter spoofed emails out before reaching the inbox.

Why are BEC attacks so hard to detect?

Email account takeover typically involves accessing and taking control of a business email, usually through credential phishing or exploiting security vulnerabilities. Once in control, an attacker then moves funds out of the business into their control via fraudulent financial transactions, impersonating senior executives or vendors while covering up their tracks.

BEC attacks can strike any organization, but criminals usually aim for those with an inadequate email security infrastructure and short approval chains. Attackers invest significant resources into researching their targets before employing techniques like email spoofing and lookalike domains to make their scam emails look genuine and believable.

Detecting BEC attacks may be challenging, but there are ways to lower the risk. Implementing Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC) policies can help deter email spoofing by verifying authentic email senders identities. Employee training to recognize common cyber schemes like phishing is also vital; training should continue and evolve as threats change over time. Furthermore, employing a business email threat protection solution capable of monitoring anomalous login patterns such as changes to passwords, forwarding rules or contact groupings can help detect potential compromises more quickly than traditional measures alone.

How To Protect Against BEC Scams?

While every Business Email Compromise (BEC) scam differs in specifics, all attacks depend on hackers gaining access to a company’s email server. Fraudsters may use various methods – malware infection of networks or individuals and groups or targeted phishing attacks and even domain spoofing as means for accessing company emails – in order to gain entry.

Once hackers gain access to a business’s email, they can request invoice payments or wire transfers from customers – often making these requests urgent and confidential in order to fool financial officers into complying without conducting an independent review of them first.

To protect against these attacks, organizations should educate employees on the dangers of BEC and recognize potentially risky emails. It is also critical that email policies prioritize security with two-factor authentication enabled across all accounts and cyber solutions with dark web monitoring and cloud application security can help safeguard against them. In 2019, BEC caused $26 billion of global exposed losses according to FBI and IC3, making it one of the most widespread and expensive cyberattacks worldwide.

Why are BEC attacks so hard to detect?

BEC attacks are notoriously difficult to identify because they rely on social engineering techniques and impersonation instead of malware; as a result, they frequently bypass traditional threat detection solutions which analyze email headers and links for any indications of harmful activity.

Attackers typically spoof an executive’s email address in order to make their request appear more legitimate, along with giving an explanation as to why it’s urgent or confidential. Furthermore, attackers might provide instructions as to where the money should be sent.

Attackers frequently target employees who have access to company finances, such as accounts payable or finance personnel. Furthermore, new or entry-level employees who may not understand internal processes or how to verify suspicious requests are particularly susceptible.

As mentioned previously, attackers frequently evolve their schemes until they find an opening in security that allows them to gain entry and steal funds. It can be challenging keeping up with such threats and preventing attacks; one effective solution for mitigating risks is through robust cybersecurity training programs.


Email compromise doesn’t get as much publicity as ransomware or large-scale malware attacks, yet it remains an extremely serious threat to business. Estimates estimate that businesses lost $4.2 billion due to phishing attacks in 2020 alone – with those losses only expected to increase with time.

As a way of protecting against BEC scams, be wary of emails asking for login credentials or personally identifiable information (PII). Take extra caution when responding to such messages and don’t rush into taking any actions immediately — particularly those which require funds transfers or give out sensitive data.

The National Credit Union Administration recommends that credit unions report any suspicious wire transfers or activities to the FBI’s Internet Crime Complaint Center immediately to increase chances of funds being recovered and reduce any member impact from fraudulent funds being misused. By reporting incidents swiftly, you can help others learn from your experience and avoid similar losses; furthermore, we advise you to create a specific protocol on how your team will mitigate data breaches and cyberattacks overall, including strategies for dealing with financial scams.

Sam is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.