business email compromise attack

What are business email compromise attacks?

Business email compromise (BEC) is the act of hacking or impersonating a corporate email account to defraud company staff or clients of their money and sensitive data. Such attacks are a popular form of cybercrime, comprising nearly half of the $3.5 billion in cybercrime-related losses during 2019.  

2020 saw a rise in this trend, with invoice and payment frauds spiking as criminals leveraged the uncertainties surrounding COVID-19.

With its grand payoffs for little effort, BEC schemes show no signs of slowing. We break down how the process works, how to spot and prevent such attacks, and how Terminal B’s solutions can help.

How BEC attacks work

BEC attacks typically employ social engineering tactics, where the attacker impersonates someone a recipient would trust, such as a manager or colleague. They then trick their victim into making payment transfers whether upon request, by diverting payroll, or by changing one’s bank account details (replacing them with the attacker’s offshore account) for future payments.

In more extreme cases, the hacker may actually breach the victim’s email account, making it easier to defraud their targets. This is known as email account compromise (EAC) and is a growing tactic amidst the rise of BEC attacks.

Both methods are difficult to spot and prevent due to the use of increasingly sophisticated impersonation techniques. However, the right security tools, habits, and practices can effectively minimize the risk of such threats in the workplace.

How to spot a BEC attack

Since BEC attacks rely on spoofing one’s email address, keeping a lookout for lookalike domains is an easy way to spot such tactics. With the vast amount of emails one often receives, however, these can often fly under the radar.

It’s thus important to look out for other common red flags, including sudden requests for payroll diversions, last-minute wire transfers, and messages that read suspiciously off from the person’s usual writing style.

Keywords such as “urgent,” “sensitive,” and “secret” are often used in fraudulent emails regarding payment transfers, so it’s also best to keep watch for such terms.

Types of BEC attacks

According to the FBI, there are three main types of BEC attacks. These are:

  1. The bogus invoice scheme, in which attackers impersonate a company’s trusted supplier, requesting wire funds to be sent to a fraudulent account. This is also referred to as “the supplier swindle” or the “invoice modification scheme.” In the third quarter of 2020, the frequency of these attacks rose by a whopping 155% from the previous quarter, placing it among the most pervasive BEC tactics of previous months.


  2. Impersonating high-level business executives, such as CEOS, CFOs, etc. Accounts may be spoofed or hacked through this method, requesting employees (or in some instances, financial institutions) to perform wire transfers to the criminal’s bank account. This is also known as the “CEO fraud,” “business executive scam,” or “financial industry wire fraud.”


  3. The email account compromise (or EAC), in which attackers hack an employee’s actual email account, requesting invoice payments to be made to fraudulent bank accounts under the guise of trusted vendors. A business may not be aware of such payments unless their vendors contact them on the status of their invoice payment.

Best practices for protection

To prevent BEC attacks, it’s important to build proper awareness among your workers. Train your employees to watch out for common signs or red flags, to cross-check a sender’s address with that of a corresponding executive’s, and to forward any suspicious emails to IT.
Proper security practices, such as implementing multifactor authentication and deploying DMARC (Domain-based Message Authentication, Reporting, and Conformance) safeguards, can further minimize the likelihood of compromised email accounts. Ensuring your business registers as many domains as possible can also reduce the risk of email spoofing.
Investing in the proper tools and software is also critical. Avoid using free, web-based email platforms, and instead opt for email accounts under an official company domain. Implement stricter accounting controls to verify payment requests and approvals. 
Having post-delivery protection tools, where AI and machine learning is used to monitor email networks for signs of malicious activity, can also help you identify signs of email compromise, unusual login locations, and multiple failed login attempts.

Boost your security for 2021

With cybercrime on the rise, quality security solutions should be a top priority for any business. Our experts at Terminal B provide all Texas-based companies with fully managed cybersecurity, providing workers with the proper training and tools required for a healthy security culture. Keep your business data (and finances) in safe hands, and get in touch with us today.  

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top