Business Email Compromise (BEC)

TL;DR:

Imagine you’re running a business and you get an email from what looks like a trusted vendor asking you to update their payment information. You comply, only to find out later that the email was fake, and you’ve just sent money to a scammer. That’s BEC in a nutshell. It’s a type of cybercrime where fraudsters use email to trick people into sending money or sensitive information. They often pose as someone you know and trust, making it hard to spot the scam. BEC is one of the most financially damaging online crimes, costing businesses billions each year.

Details for the Techies:

Business Email Compromise (BEC) is a sophisticated scam targeting businesses that conduct wire transfers and have suppliers abroad. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. BEC scams often involve the following tactics:

  • Spoofing email accounts or websites: Slight variations on legitimate addresses can fool victims into thinking fake accounts are authentic.
  • Spearphishing emails: These messages appear to be from a trusted sender to trick victims into revealing confidential information.
  • Malware: Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. This information is used to time requests or send messages so accountants or financial officers don’t question payment requests.

To protect against BEC, it’s crucial to:

  • Be cautious with what information you share online or on social media.
  • Verify email requests for transfers of funds.
  • Carefully examine the email address, URL, and spelling used in any correspondence.
  • Be wary of email attachments from unknown sources.

For more detailed information, refer to the FBI’s page on Business Email Compromise.
