Recognizing any cybercrime begins with understanding what it is and how it can affect your company. One attack type that is becoming increasingly prevalent is business email compromise (BEC).
At its core, BEC is a phishing scam. But unlike regular phishing attacks, where criminals trick users into entering personal information on fraudulent websites, BEC attackers deceive corporate employees with advanced social engineering in order to get them to take actions such as transferring funds or leaking private data.
A BEC attack usually starts with a money transfer request in an email seemingly sent from a CEO, CFO or other chief officer known to manage company finances. Attackers usually use email spoofing techniques to make the sender look authentic, and they use the sort of language and tone that is expected. Unsuspecting employees will promptly obey their superior in what seems to be just another urgent demand.
Problems with Identifying Business Email Compromise (BEC) Attacks
BEC is successful because it relies on authenticity. Attackers usually spend weeks or even months collecting detailed information about the company, the executive they intend to impersonate, and the victim.
As a result, emails include a forged company domain and email signature, private information about the organization’s finances, products, internal organization, and market plans. In some cases, attackers use the executive’s language mannerisms in internal communication and even confirm money transfer requests via phone call.
According to the FBI’s public service announcement, the other major problem is that criminals don’t have a clear pattern of whom they attack, as long as the operation seems viable. They are just as likely to target low-level employees working in a business division unrelated to finance, as they are the CFO of the company. So, it’s important that everyone at the company is informed about the risks of BEC.
Key Features of Business Email Compromise (BEC) Attacks
- BEC complaints filed with the Internet Crime Complaint Center (IC3) share some common elements. For example, companies that have an open source email infrastructure are often victimized, as are employees who manage finances and fund transfers.
- BEC attacks also have an important technical aspect: the ability to present an authentic-looking sender, either by spoofing a real address or by using a very similar look-alike address. Security systems with email authentication and anti-fraud mechanisms are likely to prevent a large share of BEC attacks.
- A common BEC attack is quite an elaborate operation. An employee receives an email from a spoofed address impersonating an executive officer (usually the CEO or CFO) or a known business associate. The email requests an immediate wire transfer (to pay a supplier, for example), which prompts the employee to take quick action.
How to Raise Awareness and Prevent Business Email Compromise (BEC)
The best way to remain safe from BEC is to implement security awareness programs. The company has to train all employees about the dangers of BEC and teach them how to recognize suspicious and malicious emails.
Employees need to know how to check sender email addresses and cross-reference them against the company’s directory, and how to verify the personal information, signatures, and communication style of executive officers. But most importantly, employees should never reply to suspicious emails.
Another way of identifying potentially harmful emails is to set up an email gateway and screen incoming emails for words like “payment”, “immediate”, “urgent”, “sensitive” and “secret” – common keywords in fraudulent communication.
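The checks described above (a look-alike sender domain, an executive's name on a foreign address, a diverted Reply-To, and the urgency keywords) can be combined into a simple gateway rule. The following is an added example, not code from the original article or any product it mentions; the company domain, executive list, and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: the organization's real domain and its executives.
COMPANY_DOMAIN = "example-corp.com"
EXECUTIVES = {"cfo@example-corp.com": "Dana Lee"}
# Keywords the article lists as common in fraudulent wire-transfer requests.
URGENCY_WORDS = {"payment", "immediate", "urgent", "sensitive", "secret"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to flag domains one or two edits from ours."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_indicators(raw: str) -> list:
    """Return the BEC indicators found in one plain-text RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # 1. Look-alike sender domain: close to, but not equal to, the company's own.
    if domain != COMPANY_DOMAIN and 0 < edit_distance(domain, COMPANY_DOMAIN) <= 2:
        findings.append(f"look-alike domain {domain}")
    # 2. An executive's display name paired with an address that is not theirs.
    if name in EXECUTIVES.values() and addr.lower() not in EXECUTIVES:
        findings.append(f"display name '{name}' on foreign address {addr}")
    # 3. Reply-To diverted to a mailbox different from the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.lower() != addr.lower():
        findings.append(f"reply-to mismatch {reply}")
    # 4. Urgency/secrecy keywords in subject or body.
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    hits = sorted(URGENCY_WORDS & set(re.findall(r"[a-z]+", text)))
    if hits:
        findings.append("urgency keywords: " + ", ".join(hits))
    return findings

# Constructed messages: one impersonation attempt and one legitimate email.
SAMPLE_FRAUD = """From: Dana Lee <dana.lee@examp1e-corp.com>
Reply-To: dana.lee.private@mail.example
Subject: Urgent payment

Please process an immediate wire transfer to the supplier today.
Keep this sensitive until I confirm.
"""
SAMPLE_CLEAN = """From: Dana Lee <cfo@example-corp.com>
Subject: Board minutes

Please see the attached minutes from the board meeting.
"""
```

Running `bec_indicators` over `SAMPLE_FRAUD` reports all four indicators, while `SAMPLE_CLEAN` yields none; in a real gateway the result would feed a quarantine or a warning banner rather than a hard block.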
Companies can also improve their existing email infrastructure. Instead of using free web email services, business leaders, CTOs and cybersecurity officers should establish secure company domains and upgrade security with an advanced mail protection service (MPS).
As new fraud schemes arise, it’s important to protect your business against BEC scams (impersonating senior executives, sending phishing emails that appear to come from legitimate sources, or requesting wire transfers), which can lead to intrusion and access to victims’ credentials.
For more information about how to protect your company against Business Email Compromise (BEC), read Preventing Business Email Compromise - How to Protect Your Organization.