Business Email Compromise (BEC) is one of the most relevant forms of email fraud today. These attacks have cost victims several billion dollars by now, making them one of the most dangerous forms of cyber attack in the world.
As mentioned, BEC is a form of email fraud in which the attacker hacks into a corporate email account and impersonates its owner to defraud the company or those who work for it or with it. Appropriately, these attacks are also known as ‘man in the email.’
All in all, business email compromise is a very sophisticated form of fraud. It starts with deep research on the attacker's side. A skilled attacker will go to great lengths to learn about the company, its hierarchy, the names and details of the people working for it, and everything else that enables the attacker to impersonate a victim or mimic a company process.
The next step for the attacker is to get access to a specific executive’s email account. They have a variety of ways to achieve this and most are meticulous enough that they even change the account settings so that the executive is never alerted to any change.
The key point is that the hackers always study and follow a company for as long as they need to, until they come up with an effective scam scenario for that specific company or employee. In reality, an overwhelming number of BEC attacks target executives and CEOs.
The Most Common BEC Scams
The invoice scam – here the attacker uses an employee’s email to send invoices to the company's clients, who then send the money to the attacker.
The lawyer scam – here the scammer pretends to be a lawyer and uses email to ask clients for money. They usually threaten to release confidential information.
The boss scam – here the hacker uses an executive’s email to ask employees to transfer money from the corporate account to the hacker’s.
BEC in Numbers
In 2017, a Lithuanian man used a BEC-style attack to steal more than $100 million from a Taiwanese electronics manufacturer whose clients include Facebook, Google, and Apple. That goes to show that not even major companies are immune to these seemingly simple yet highly sophisticated attacks.
We mentioned at the beginning of the article that BEC has cost several billion dollars. The FBI reported in 2018 that global BEC losses had hit $12.5 billion, of which $2.9 billion came from U.S. victims.
In 2017 there were a total of 9,708 attempted BEC scams, and that number had increased to 12,472 by the end of 2018.
AnubisNetworks is focused on stopping Business email compromise (BEC) and other forms of cyber attacks. Our advanced email security software provides a business solution that relies on global infrastructure for real-time threat detection and prevention.