Tip - Understand the Phases of a Business Email Compromise (BEC) Attack

Learn about BEC attacks so you can better protect yourself & your business.

Business Email Compromise (BEC) attacks are widespread as they stole $26 billion dollars in three years by attackers simply asking victims for money. These scams make victims think they’re talking to authority figures to steal their valuables with methods like fraudulent wiring instructions. BEC emails are hard to recognize and block. To avoid being a victim, let Guardian Digital educate you on how a BEC attack works.

What is a Business Email Compromise? 

Business Email Compromise (BEC) is a phishing attack where the criminal targets a particular company or individual. They could also attempt to trick a senior executive into revealing sensitive information or giving money. While this seems almost identical to a regular phishing attack, the primary difference in a BEC is an attacker will specifically target an organization or person higher up in the company. Instead of attacking a regular employee within the company, the criminal attempts to trick a higher-ranking individual in the company into giving information only they know. While they're known for attacking executives, they also attack financial or HR employees for information or money. BECs are also known for targeting companies with suppliers abroad and wire transfers. These attackers attempt to defraud a specific company. 

Watch: Anatomy of a BEC Attack

What Types of BEC Attacks Do Companies Face?

Businesses and individuals can be targeted in several types of BEC scams, including:

Account Compromise

During an account compromise, an employee's email account is hacked and used for financial or data-related crimes during an account compromise. Usually, the attacker will use the account to request payments on behalf of vendors. Then, these funds are transferred to accounts owned or controlled by the attackers.

Attorney Impersonation

An attorney impersonation attack usually targets newly hired or junior employees. The hacker will impersonate a lawyer or someone from a legal team member and pressure or manipulate the employee into taking action. The action could be different, like sending data or requesting a wire transfer. Since the request is typically written as urgent and/or confidential, many new or relatively inexperienced employees don't know how to validate the request. Most times, they comply to avoid negative consequences.

CEO Fraud

Similar to attorney impersonation, CEO fraud is where the attacker poses as the CEO. In most cases, the attacker will target a finance team member and claim to need urgent support on a time-sensitive or confidential matter. The employee is tricked into transferring money into an account controlled by the attacker.

Data Theft

BEC attackers also target a company for data. The attacker will most commonly target HR or finance team members in a data theft attack. They then attempt to steal personal information about the company's employees or customers. The information can then be used to inform and advance future attacks or be sold on the dark web.

Fake Invoice Scams

The attacker pretends to be a vendor and requests payment for a service. The attacker often pretends to be an actual vendor and writes an official vendor invoice template. However, the attacker alters the account details so funds are transferred into an account the hacker owns.

How Can I Spot a BEC Scam?

While BECs seem legitimate at first glance, the closer you look at them, the more flaws you can spot. Taking a closer look, some signs include: 

Errors in Spelling or Odd Grammar

Since the hacker relies on limited information, weird details could be included in the message. Some involve using your full name (co-workers could refer to you by first name or nickname) or a generic greeting with no name. Hackers are also not professionals in your industry. Grammar, spelling, and other errors may be unfamiliar to your organization.

Errors in the Sender's Address or Email

If the hacker can't use an actual email address to send their message, they will make one that looks legitimate. Next time you receive an email, look for missing letters, dashes instead of underscores, unique characters that closely resemble letters of the alphabet, and more.

Unusual requests

The hacker may request something abnormal or odd by claiming it is an urgent favor, unique circumstance, or requirement. Verify the message using other signs if the request seems unusual. 


What is an example of a business email compromise?

Hacked Laptop. Cyber Security Virus Attack And BreachBECs come in many shapes and sizes and also depend on who the company being attacked is. For example, you may get an email from a CEO with an urgent request to pay an overdue bill. In reality, this bill is not from who they say they are. Another example is when you receive an email asking you to click on a link to verify or fill out your or an employee's personal information. It's important to know that BECs are not only designed to steal money. The attacker could also claim that something within the company needs to be repaired. Attackers will do almost anything to get their hands on personal information. If they met their goal and got the information from you or your colleagues, they could use it for different purposes, such as selling it on the dark web, identity theft, and more. 

What is the goal of business email compromise?

The main goal with BECs is for attackers to target a specific organization when they want information or money. While this is a phishing attack, it's more precise because it targets organizations and individuals. BEC attackers target specific companies to get their money or personal information. BECs can come in all shapes and sizes and specifically target tricking you and your employees. While the motives can vary, all BECs share a common denominator: the scam or trick that the attacker develops is crafted specifically for you and your business. If the attackers are successful in their goal and obtain information from your company, they can sell that information on the dark web, use it for identity theft, and more. The same goes if the attacker gets credentials to finances, like credit cards or banking information.  

What is a business email compromise threat?

BECs threaten the risk of revealing sensitive information or money to an attacker. That attacker could then disclose that information to the rest of the internet (such as the dark web), use your information, exploitation, or identity theft. If any of the information gets into the hands of attackers, your business and employees are at risk. The threats that arise if this happens are loss of reputability of your company, trust being lost from consumers and employees, or financial losses. Along with those risks, some of them can have serious consequences, whether that's to you, the company, or your employees. 

Can Microsoft business email compromise attacks take just hours?

A BEC attack can happen within hours. These phishing attacks can happen fast and have long-lasting effects on your company. It's essential to ensure you and your company are protected from these attacks. It's vital to ensure that when you receive an email from Microsoft or any address, the email is from who they say they are. 

Keep Learning about BEC and Keeping Your Company Safe

Business email compromises are attacks that are made specifically to attack your company. Educate yourself and your company and take the proper steps to prevent these attacks to protect you, your company, and sensitive information within those two. Combating modern email threats calls for a comprehensive, cloud-based email security solution that safeguards the inbox against all fraudulent mail that could potentially lead to compromise.

CyberSecurity Month

Get Your Guide