Definition of Business Email Compromise
Business Email Compromise (BEC) is a type of cyber attack in which a fraudster gains unauthorized access to a company’s email system or impersonates a high-level executive to manipulate employees or clients for financial gain. This typically involves using social engineering techniques, such as phishing or spear-phishing, to trick employees into revealing sensitive information or making unauthorized transactions. BEC attacks can result in significant financial loss for businesses and negatively impact their reputation.
Phonetic
The phonetic pronunciation of “Business Email Compromise” would be: Business: /ˈbɪznɪs/Email: /ˈiːmeɪl/Compromise: /ˈkɒmprəmaɪz/In international phonetic alphabet (IPA) notation, it would be: /ˈbɪznɪs ˈiːmeɪl ˈkɒmprəmaɪz/
Key Takeaways
- Business Email Compromise (BEC) is a sophisticated cyber attack that targets organizations by impersonating a high-level executive or trusted vendor, typically using phishing techniques.
- The primary goal of BEC is to trick employees into transferring sensitive information or large sums of money to the attacker’s account, causing significant financial and reputational damage to companies.
- Prevention strategies include email authentication, strong password policies, employee awareness training, and implementing multi-factor authentication for financial transactions.
Importance of Business Email Compromise
The technology term “Business Email Compromise” (BEC) is important because it refers to a sophisticated cybercrime tactic targeting businesses and organizations, leading to significant financial losses and reputational damage.
BEC scams usually involve the impersonation of executives, employees, or business partners through deceptive email communications seeking unauthorized transfers of funds or divulging sensitive information.
The growing prevalence of these scams exemplifies the need for businesses to prioritize cybersecurity measures, adopt employee training programs, and ensure robust email authentication procedures in order to mitigate the risks associated with BEC attacks and protect their overall security and integrity.
Explanation
Business Email Compromise (BEC) refers to a type of cyber attack that specifically targets organizations and their employees in order to deceive them into revealing sensitive information or transferring funds to unauthorized accounts. Typically, cybercriminals perform these attacks by impersonating a high-level executive or a trusted vendor.
The purpose of BEC is to gain unauthorized access to an organization’s valuable data or financial assets, thereby significantly impacting their operations and reputation. To achieve their malicious objectives, cybercriminals use sophisticated tactics such as manipulating email addresses, domain spoofing, or social engineering, in order to gain the trust of the targeted party.
Once the trust is established, the attackers exploit the relationship by requesting employees to perform financial transactions or share sensitive business-related information. These actions can lead to severe financial and operational losses for the organization, and may also compromise their clients’ data.
Therefore, it is crucial for businesses to stay vigilant and invest in education, preventive measures, and robust security protocols to help mitigate the risks associated with Business Email Compromise.
Examples of Business Email Compromise
Scoular Company BEC scam: In 2014, the Scoular Company, an American commodities trading firm, lost $
2 million in a Business Email Compromise (BEC) scam. The cybercriminals impersonated the company’s CEO and requested multiple wire transfers from a senior executive. Believing the email to be genuine, the executive wired the requested amounts to a bank in China. The scam was discovered after the transfers were completed, leading to significant financial losses for Scoular.
FACC AG cyberattack: In 2016, Austrian aerospace company FACC AG fell victim to a BEC scam resulting in a loss of approximately €50 million. In this attack, the perpetrators posed as high-ranking executives within the company and instructed finance department employees to transfer funds to an account for a fake acquisition project. The funds were moved to multiple foreign accounts before being discovered, leading to severe financial losses for FACC and the firing of their CEO and CFO.
Save The Children Federation: In 2017, U.S.-based charity organization, Save The Children Federation, suffered a financial loss of approximately $1 million due to a BEC scam. In this case, cybercriminals targeted an employee of the organization and posed as a trusted vendor. The employee was deceived into believing that the hacker’s bank account details were legitimate and transferred the funds to the fraudulent account. Although the organization was able to recover some of the lost funds through insurance, the incident highlighted the vulnerability of non-profit organizations to BEC scams.
Business Email Compromise FAQ
1. What is Business Email Compromise?
Business Email Compromise (BEC) is a type of cyber-attack where attackers target businesses and organizations by impersonating executives or employees, typically through deceptive tactics, such as email spoofing and phishing, with the goal of gaining unauthorized access to confidential information, data, or funds.
2. How does Business Email Compromise work?
BEC attackers use various tactics to manipulate victims into trusting the emails, such as social engineering, phishing, email spoofing, or malware. The attacker pretends to be a high-ranking executive or colleague within the company and requests sensitive information or funds transfers, often deceiving the target and causing financial loss or data breaches.
3. What are the common types of Business Email Compromise attacks?
Some common types of BEC attacks include:
– CEO fraud, where attackers impersonate a company’s CEO or top executive.
– Vendor email compromise, where attackers pose as a trusted vendor or supplier.
– Account compromise, where an employee’s email account is hacked or impersonated.
– Bogus invoices, where fake invoices are sent to a company for payment.
– Lawyer impersonation, where the attacker pretends to be a legal representative and requests confidential information.
4. How can businesses protect themselves from Business Email Compromise?
Some steps businesses can take to protect themselves from BEC include:
– Implementing strong email security policies and technologies.
– Conducting regular security awareness training for employees.
– Multi-factor authentication for email and other sensitive systems.
– Limiting the information shared on social media and public websites.
– Implementing advanced threat protection and email filtering solutions.
– Regularly monitoring and updating IT infrastructure for security vulnerabilities.
5. What should I do if I suspect a Business Email Compromise attack?
If you suspect a BEC attack, immediately notify your IT department or security team. Confirm the legitimacy of any suspicious email through a different communication channel, such as a phone call or face-to-face conversation. If you have already fallen victim to a BEC attack, report the incident to appropriate authorities and notify your financial institution to attempt to recover any lost funds.
Related Technology Terms
- Phishing
- Spear-phishing
- CEO fraud
- Email spoofing
- Account takeover
