TL;DR:
Imagine you’re running a business and you get an email from what looks like a trusted vendor asking you to update their payment information. You comply, only to find out later that the email was fake, and you’ve just sent money to a scammer. That’s BEC in a nutshell. It’s a type of cybercrime where fraudsters use email to trick people into sending money or sensitive information. They often pose as someone you know and trust, making it hard to spot the scam. BEC is one of the most financially damaging online crimes, costing businesses billions each year.
Details for the Techies:
Business Email Compromise (BEC) is a sophisticated scam targeting businesses that conduct wire transfers and have suppliers abroad. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. BEC scams often involve the following tactics:
- Spoofing email accounts or websites: Slight variations on legitimate addresses can fool victims into thinking fake accounts are authentic.
- Spearphishing emails: These messages appear to be from a trusted sender to trick victims into revealing confidential information.
- Malware: Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. This information is used to time requests or send messages so accountants or financial officers don’t question payment requests.
To protect against BEC, it’s crucial to:
- Be cautious with what information you share online or on social media.
- Verify email requests for transfers of funds.
- Carefully examine the email address, URL, and spelling used in any correspondence.
- Be wary of email attachments from unknown sources.
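One way to automate the address check from the list above, as an added example that is not part of the original page: it flags sender domains that closely resemble a trusted one and Reply-To addresses that point somewhere else. The trusted domain, the confusable pairs, the distance threshold of 2 and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"acme-supplies.example"}  # constructed vendor domain, not from the page
# Visual substitutions folded before comparison (illustrative, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(domain):
    for seen, meant in CONFUSABLES:
        domain = domain.replace(seen, meant)
    return domain

def edit_distance(a, b):
    # Levenshtein distance, one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    # Domain part of the address in a From or Reply-To header ("" if absent).
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def classify_domain(domain):
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2:
            return "lookalike"
    return "unknown"

def review(raw_message):
    msg = message_from_string(raw_message)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    verdict, findings = classify_domain(sender), []
    if verdict == "lookalike":
        findings.append(f"From domain {sender} resembles a trusted domain")
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To domain {reply_to} differs from From domain {sender}")
    return verdict, findings

# Constructed sample message for illustration.
SAMPLE = ("From: Accounts <billing@acrne-supplies.example>\n"
          "Reply-To: billing@payments-desk.example\n"
          "Subject: Updated bank details\n\nPlease use the new account.\n")
print(review(SAMPLE))
```

A "lookalike" verdict or a Reply-To mismatch is a reason to verify the request through a known phone number or contact, not proof of fraud on its own.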
For more detailed information, you can refer to the FBI’s page on Business Email Compromise.