“Business Email Compromise” (BEC) is an online scam where attackers aim to compromise or forge email communications for financial gain or sensitive information.
BEC scams target company employees, compelling them to take harmful actions like transferring money, resulting in substantial financial losses and prompting FBI attention.
BEC attacks directly target individuals responsible for company payments, making it one of the most damaging phishing attacks.
BEC’s strength lies in appearing as a message from a trusted figure within the organization, exploiting trust in email communications.
Scammers use sophisticated social engineering techniques to deceive recipients, aiming to acquire money or confidential information.
A BEC attack uses a seemingly legitimate email address to prompt the recipient into taking a specific action.
The primary goal of a BEC attack is to convince the victim to send money to the attacker.
The victim is led to believe they are conducting a legitimate and authorized business transaction.
The cybercriminal can achieve this result in various ways:
Examples of Business Email Compromise attacks:
- CEO impersonation
Exploiting power dynamics, the criminal impersonates the CEO in emails, requesting urgent money transfers or sensitive information.
- Fake purchase orders/invoices
The hacker poses as a supplier or partner, sending falsified purchase orders or invoices. These documents contain altered banking details for funds transfer.
- Payment information alteration
The scammer alters payment information in compromised emails, redirecting payments to themselves.
- Employee phishing
Criminals send phishing emails to obtain login credentials or sensitive information, allowing access to company systems or impersonation of employees.
- Compromise of business partners’ emails
Hackers exploit compromised business partner emails to send harmful emails or fraudulent requests.
- Account compromise
A compromised email account within an organization is used to request invoice payments with altered details.
- Lawyer impersonation
Attackers capitalize on employees’ tendency to respond to urgent requests from lawyers or legal representatives.
- Data theft
BEC attacks target HR and Finance personnel to steal employee information for sale or future attacks.
Protect your company and your employees
Such attacks can be highly damaging and costly for your business.
You can defend yourself and avoid unnecessary risks with simple precautions for email and corporate communication security.
- Implement anti-phishing protections: BEC emails are forms of phishing, so protecting yourself with anti-phishing solutions is essential.
- Use an anti-phishing solution: This type of solution identifies indicators of BEC emails, such as mismatched reply addresses, using machine learning to detect signs of an attack.
- Protect account credentials: Attackers often target access credentials to corporate email boxes. Evaluate whether your email provider offers protection against credential theft.
- Train employees: Email security training is vital. Teaching employees how to recognize and respond to BEC attacks reduces the risk of phishing.
- Separate duties: Implement company policies that require independent verification for risky actions, clearly defining employees’ responsibilities and permissions.
- Label external emails: Configure email to label external emails, helping to identify BEC attacks attempting to mimic internal addresses with domain spoofing or lookalike domains.
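The header checks named in the list above (mismatched reply addresses, external labelling, lookalike domains) can be sketched as follows. This is an added example, not Qboxmail's implementation; the internal domain `example.com`, the edit-distance threshold of 2 and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # assumption: the organization's own mail domain

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(raw_message, internal=INTERNAL_DOMAIN):
    """Return a list of warning labels for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    flags = []
    if from_dom != internal:
        flags.append("EXTERNAL")  # candidate for an "external sender" banner
        # Threshold of 2 edits is an assumed tuning value, not a standard.
        if from_dom and edit_distance(from_dom, internal) <= 2:
            flags.append("LOOKALIKE_DOMAIN")
    if reply_dom and reply_dom != from_dom:
        flags.append("REPLY_TO_MISMATCH")  # replies would leave the sender's domain
    return flags

# Constructed sample messages (not real traffic).
SAMPLES = {
    "internal": "From: Ann <ann@example.com>\nSubject: Lunch\n\nHi",
    "lookalike": "From: CEO <ceo@examp1e.com>\nSubject: Urgent transfer\n\nPay now",
    "reply_to": ("From: CEO <ceo@example.com>\nReply-To: ceo@mail-box.test\n"
                 "Subject: Invoice\n\nSee attached"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, bec_flags(raw))
```

These checks read only the visible headers, so they complement rather than replace the sender authentication performed by the mail gateway.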
Qboxmail provides protection against BEC attacks, phishing emails, and email spoofing.
With Email Security, we offer you multi-layered protection and many other benefits.
Contact us for more information.