{"id":622,"date":"2023-04-13T06:55:41","date_gmt":"2023-04-13T06:55:41","guid":{"rendered":"https:\/\/dataprot.net\/?p=622"},"modified":"2023-05-06T08:02:04","modified_gmt":"2023-05-06T08:02:04","slug":"business-email-compromise-examples","status":"publish","type":"post","link":"https:\/\/dataprot.net\/articles\/business-email-compromise-examples\/","title":{"rendered":"Business Email Compromise: Examples, Definition, and Safety"},"content":{"rendered":"\n<p>Business email compromise (BEC) is <strong>a sophisticated phishing scam that targets businesses and individuals via email<\/strong> to access financial information or other sensitive data.<\/p>\n\n\n\n<p>To help you protect yourself, this article:<\/p>\n\n\n\n<ol>\n<li>Defines BEC attacks<\/li>\n\n\n\n<li>Explains who they target and how they work<\/li>\n\n\n\n<li>Shows business email compromise examples<\/li>\n\n\n\n<li>Points out safety measures&nbsp;<\/li>\n<\/ol>\n\n\n\n<p>So, read on to learn how to avoid becoming a BEC attack victim.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Business Email Compromise: Definition and Methods<\/h2>\n\n\n\n<p>The goal of a business email compromise attack is to defraud the company. These <strong>attacks target businesses of all sizes and industries<\/strong>, making this scam a significant threat to organizations worldwide.&nbsp;<\/p>\n\n\n\n<p>According to the FBI, <strong>BEC attacks are on a constant rise, inflicting billions of dollars worth of damages<\/strong>. There are <a href=\"https:\/\/dataprot.net\/statistics\/cyber-warfare-statistics\/\">64% of companies worldwide that have been affected by hacking attacks<\/a> at some point or another, many of those being BEC attacks.&nbsp;<\/p>\n\n\n\n<p>These <strong>scams use social engineering methods to trick victims into revealing sensitive information<\/strong> that can lead to sharing intellectual property details or sending money away.&nbsp;<\/p>\n\n\n\n<p>Business email compromise scammers usually spoof the email of a senior executive or another trusted individual within the organization to gain access to valuable resources. Sometimes, attackers even hack into an employee\u2019s email account to carry out their scheme.<\/p>\n\n\n\n<p>There are several common email compromise attacks businesses are exposed to, so let\u2019s take a closer look at how they work.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How BEC Attacks Work<\/h2>\n\n\n\n<p>Scammers <strong>will impersonate a higher-ranking company employee<\/strong> or an otherwise leading individual in the field when executing a BEC attack.&nbsp;<\/p>\n\n\n\n<p>Attackers will often use other people\u2019s corporate emails, leaving two victims behind \u2013 a person whose email account has been hacked and the one completing a deceitful request. Sometimes attackers claim to be vendors who request payments. They\u2019ll have unsuspecting victims send funds to their fraudulent bank accounts.&nbsp;<\/p>\n\n\n\n<p>Emails received as a part of the BEC attack <strong>will eventually ask for login details while indicating the matter is urgent<\/strong>, resulting in victims reacting quickly. Once a victim provides what was asked, scammers have all the tools to commit the crime.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Recognizing Business Email Compromise Attacks<\/h3>\n\n\n\n<p>BEC attacks are challenging to detect because <strong>they don\u2019t use malware or malicious URLs<\/strong>. Instead, <strong>the attacks rely on impersonation and other social engineering techniques<\/strong> to trick people into sharing protected information. BEC attackers will also use domain spoofing or lookalike domains to make their emails appear legitimate.<\/p>\n\n\n\n<p><strong>The best way to spot BEC scams<\/strong> is to discover something is off with the email accounts or the email body. Pay attention to the following:<\/p>\n\n\n\n<ul>\n<li>Poor grammar<\/li>\n\n\n\n<li>Spelling mistakes<\/li>\n\n\n\n<li>Unusual requests conveying urgency<\/li>\n\n\n\n<li>Emails containing unsolicited attachments and links<\/li>\n\n\n\n<li>Sender information that doesn\u2019t match the email address<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">BEC Anatomy<\/h3>\n\n\n\n<p>There are four phases of the business email compromise attack, and they are:<\/p>\n\n\n\n<ol>\n<li>Victim identification (email targeting)<\/li>\n\n\n\n<li>Launching the attack<\/li>\n\n\n\n<li>Exchange of information<\/li>\n\n\n\n<li>Financial gain<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\">Victim Identification<\/h4>\n\n\n\n<p>At this stage of the business email compromise scheme, cybercriminals <strong>identify key individuals within the company who have access to confidential information or financial records<\/strong>. Attackers conduct extensive research on their victims before launching BEC scams.<\/p>\n\n\n\n<p>They use <strong>publicly available information from sources like LinkedIn, Facebook, and Google<\/strong> to obtain sufficient details so they can impersonate upper-level executives in email communication.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Launching the Attack<\/h4>\n\n\n\n<p>In this stage, <strong>scammers impersonate high-level brass to build trust<\/strong> with the victim. <strong>They use spear-phishing, phone calls, or other social engineering tactics<\/strong> to target workers with access to company finances or confidential information.&nbsp;<\/p>\n\n\n\n<p>Once the victim becomes comfortable communicating with a \u201csuperior,\u201d an <strong>urgent request for sending sensitive data or wire transfer<\/strong> follows.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Exchange of Information&nbsp;<\/h4>\n\n\n\n<p>So what is the purpose of these attacks, and what is BEC actually about? It boils down to data breaches and financial gain. Exchanging information with an unassuming victim is the penultimate step in this business email compromise scheme.<\/p>\n\n\n\n<p>In this stage, <strong>an unfortunate worker believes they receive payment requests from a high-ranking employee<\/strong> and conduct legitimate transactions. By the time the victim realizes what happened, cybercriminals have likely already gained account information for a wire transfer.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Financial Gain<\/h4>\n\n\n\n<p>BEC scams can be incredibly lucrative for the perpetrators, as they can be used to obtain large sums of money before being detected. In some cases, the scammers may even be able to make off with the entirety of a company\u2019s bank account.&nbsp;<\/p>\n\n\n\n<p>These attacks can have a devastating effect on businesses, both financially and reputationally. Thus, companies need to be aware of the warning signs and have procedures to prevent such scams. <strong>If you receive a suspicious email or link to a website, do not respond<\/strong> and immediately alert your company\u2019s finance department and security team.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Five Common Business Email Compromise Examples<\/h2>\n\n\n\n<p>According to the FBI, there are five common BEC attack types:<\/p>\n\n\n\n<ul>\n<li>Data theft<\/li>\n\n\n\n<li>CEO fraud or whaling<\/li>\n\n\n\n<li>Email account compromise (EAC)<\/li>\n\n\n\n<li>Attorney impersonation<\/li>\n\n\n\n<li>False invoice scheme<\/li>\n<\/ul>\n\n\n\n<p>Here\u2019s a brief overview of these attacks:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Data Theft<\/h3>\n\n\n\n<p>According to the statistics, <a href=\"https:\/\/dataprot.net\/statistics\/cyber-security-statistics\/\">a cyber attack happens every 39 seconds<\/a>, and the most common targets are organizations. <strong>Cybercriminals usually target human resources (HR) employees<\/strong> to get personal or sensitive information about the company\u2019s CEOs, executive officers, partners, and investors.&nbsp;<\/p>\n\n\n\n<p>Data theft is known as stealing digital information from computers, servers, or other electronic devices to access sensitive information or violate privacy.&nbsp;<\/p>\n\n\n\n<p>Without the owner\u2019s consent, an unauthorized individual can remove, edit, or prohibit access to personally identifiable information or financial information and proceed with committing a broader cyber attack on the company.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">CEO Fraud or Whaling<\/h3>\n\n\n\n<p>It\u2019s not uncommon for scammers to impersonate the CEO or other high-positioned executives online to gain the employees\u2019 trust. After <strong>establishing rapport with lower-ranking employees within the company, the attackers will inevitably ask them to transfer funds<\/strong> to fraudulent accounts or share sensitive information.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Email Account Compromise&nbsp;<\/h3>\n\n\n\n<p>Email account compromise or an EAC is <strong>a standard BEC method in which the attacker mines the employee\u2019s contact list<\/strong> in search of vendors, suppliers, and other valuable connections. After that, cybercriminals send messages to these contacts to request invoice payments to bogus vendors.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">False Invoice Scheme<\/h3>\n\n\n\n<p>This scheme involves a cybercriminal impersonating a supplier or a fellow employee of a company worker. <strong>The attacker pretends to be the supplier<\/strong> and requests funds to be transferred to a fraudulent account.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Attorney Impersonation<\/h3>\n\n\n\n<p><strong>Attorney impersonation is a BEC fraud that involves fraudsters pretending to be the company\u2019s legal representatives<\/strong>. Bolder scammers have been known to try and trick CEOs and ask for wire transfers of funds.<\/p>\n\n\n\n<p>Still, lower-level employees are typical victims since they may lack relevant knowledge to question a request to transfer money. Furthermore, <strong>experienced cybercriminals tend to contact their unassuming victims on Friday afternoons<\/strong>, as that is when employees tend to pay the slightest attention.<\/p>\n\n\n\n<p>Now that we listed typical BEC examples and pointed out their methods and goals let\u2019s see how you can protect yourself.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Effective BEC Protection Measures<\/h2>\n\n\n\n<p>BEC protection should encompass <strong>multiple layers to help you separate an illegitimate from a legitimate request<\/strong> within the company. There are more safety tactics against BEC attacks, so let\u2019s review the most common ones.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Two-Factor Authentication for Business Email Accounts<\/h3>\n\n\n\n<p>Two-factor authentication, also known as 2FA, is an <strong>additional layer of security used to protect sensitive online accounts<\/strong> from cyber threats. When 2FA is enabled, users must provide two pieces of information before accessing their account.<\/p>\n\n\n\n<p>These two factors can be something the user knows, like a password or a physical token. Even if scammers obtain a user\u2019s password, <strong>they can\u2019t do any damage without the second protection layer<\/strong>. Some standard authentication tools requiring a smartphone are Google Authenticator and Duo Mobile.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Email Security Measures<\/h3>\n\n\n\n<p>If your organization is looking to up its security game, it\u2019s good to know what is the best business email compromise strategy to protect a brand. All-encompassing security involves a few measures:<\/p>\n\n\n\n<ul>\n<li><strong>Sender Policy Framework<\/strong> (SPF) is a protocol that creates records in DNS to show which email servers are valid. The protocol\u2019s primary goal is <strong>to prevent cybercriminals and spammers from sending emails<\/strong>.<\/li>\n\n\n\n<li><strong>DomainKeys Identified Mail<\/strong> (DKIM) <strong>proves that outbound mail is valid<\/strong> by adding a signature. It allows the recipient to verify an email is from a specific domain and, thus, a trusted source.<\/li>\n\n\n\n<li><strong>Domain Message Authentication, Reporting, and Conformance<\/strong> (DMARC) use DKIM and SPF to create robust email security. It <strong>sets verification rules that inbound mails must meet<\/strong> to avoid rejection.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Anti-Malware Protection&nbsp;<\/h3>\n\n\n\n<p>BEC fraud doesn\u2019t involve malware, yet <strong>anti-malware protection improves overall cyber security<\/strong>. Having anti-spyware, anti-virus, and other tools installed for premium security certainly can\u2019t hurt.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Communication Verification<\/h3>\n\n\n\n<p>Finally, <strong>verifying requests for fund transfers<\/strong> is a significant step to add to your protocols to ensure data safety. The best way to do so is <strong>by calling the person who allegedly sent the email<\/strong>. If you still have doubts about the request during phone confirmation, don\u2019t hesitate to hang up and contact your supervisor.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Additional Security Practices<\/h3>\n\n\n\n<p>There are additional security practices you and your organization can implement to prevent damage:&nbsp;<\/p>\n\n\n\n<ul>\n<li><strong>Employee training against BEC attacks<\/strong> raises awareness and teaches workers to separate an email sent from a legitimate account from an illegitimate one. Training through phishing simulations and other tactics can highlight common tricks scammers use and keep employees vigilant.<\/li>\n\n\n\n<li><strong>Establish hard-to-break passwords<\/strong> and send regular updates on cyber security.<\/li>\n\n\n\n<li><strong>Have an updated mailing address and infrastructure<\/strong>, including network tools and operating systems.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What if You Responded to a BEC Email<\/h2>\n\n\n\n<p>If you suspect you responded to a BEC phishing attempt and revealed some contact details or other privileged information, do the following:<\/p>\n\n\n\n<ol>\n<li><strong>Immediately report the incident<\/strong> to your organization\u2019s IT\/cyber security team<\/li>\n\n\n\n<li>Request from your bank to <strong>suspend all transactions<\/strong><\/li>\n\n\n\n<li><strong>Change passwords<\/strong> for email and financial accounts<\/li>\n\n\n\n<li>Look through account statements for any suspicious activity<\/li>\n\n\n\n<li><strong>File a police report<\/strong><\/li>\n\n\n\n<li><strong>Notify your bank<\/strong>, credit card provider, and financial institution of the scam<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">What if You Fall Victim to a BEC Scam<\/h2>\n\n\n\n<p>If you fall victim to cyber criminals\u2019 business email compromise scam, act quickly to remedy the consequences of data breaches or an \u201curgent wire transfer.\u201d Your best course of action would be the following:<\/p>\n\n\n\n<ol>\n<li><strong>Get in touch with your financial institution<\/strong> immediately and report the fraudulent activity<\/li>\n\n\n\n<li><strong>File an incident report to your <a href=\"https:\/\/www.fbi.gov\/contact-us\/field-offices\" target=\"_blank\" rel=\"noreferrer noopener\">local FBI office<\/a><\/strong><\/li>\n\n\n\n<li><strong>File a complaint<\/strong> through the FBI\u2019s Internet Crime Complaint Center<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>Now that you know what the BEC scam stands for and cybercriminals\u2019 goals and methods, you are better equipped to protect yourself and your organization. <strong>No company is safe from scammers <\/strong>unless it takes security protocols and practices seriously. Following the tips in this guide can reduce the risk of falling victim to BEC attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p> [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":623,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":""},"categories":[3],"tags":[],"acf":[],"uagb_featured_image_src":{"full":["https:\/\/dataprot.net\/wp-content\/uploads\/2023\/04\/Business-Email-Compromise-Examples-Definition-and-Safety.png",1280,720,false],"thumbnail":["https:\/\/dataprot.net\/wp-content\/uploads\/2023\/04\/Business-Email-Compromise-Examples-Definition-and-Safety-150x150.png",150,150,true],"medium":["https:\/\/dataprot.net\/wp-content\/uploads\/2023\/04\/Business-Email-Compromise-Examples-Definition-and-Safety-300x169.png",300,169,true],"medium_large":["https:\/\/dataprot.net\/wp-content\/uploads\/2023\/04\/Business-Email-Compromise-Examples-Definition-and-Safety-768x432.png",768,432,true],"large":["https:\/\/dataprot.net\/wp-content\/uploads\/2023\/04\/Business-Email-Compromise-Examples-Definition-and-Safety-1024x576.png",1024,576,true],"1536x1536":["https:\/\/dataprot.net\/wp-content\/uploads\/2023\/04\/Business-Email-Compromise-Examples-Definition-and-Safety.png",1280,720,false],"2048x2048":["https:\/\/dataprot.net\/wp-content\/uploads\/2023\/04\/Business-Email-Compromise-Examples-Definition-and-Safety.png",1280,720,false]},"uagb_author_info":{"display_name":"Bojan Jovanovic","author_link":"https:\/\/dataprot.net\/author\/bojan-jovanovic\/"},"uagb_comment_info":0,"uagb_excerpt":"[&hellip;]","_links":{"self":[{"href":"https:\/\/dataprot.net\/wp-json\/wp\/v2\/posts\/622"}],"collection":[{"href":"https:\/\/dataprot.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dataprot.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dataprot.net\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/dataprot.net\/wp-json\/wp\/v2\/comments?post=622"}],"version-history":[{"count":1,"href":"https:\/\/dataprot.net\/wp-json\/wp\/v2\/posts\/622\/revisions"}],"predecessor-version":[{"id":624,"href":"https:\/\/dataprot.net\/wp-json\/wp\/v2\/posts\/622\/revisions\/624"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dataprot.net\/wp-json\/wp\/v2\/media\/623"}],"wp:attachment":[{"href":"https:\/\/dataprot.net\/wp-json\/wp\/v2\/media?parent=622"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dataprot.net\/wp-json\/wp\/v2\/categories?post=622"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dataprot.net\/wp-json\/wp\/v2\/tags?post=622"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}