Business Email Compromise – What you Need to Know to Secure your Organization!


  • In their 2019 Internet Crime Report, the FBI stated that Business Email Compromise accounted for $1.77 billion in corporate losses. Averaging $75,000 per complaint.
  • “Not only did #BEC cause over 33x the damages of reported corporate data breaches, the top 6 crimes by losses mostly tie back to Nigerian fraud.” – Ronnie ‘BEC’ Tokazowski (@iHeartMalware)
  • In a recent study by Abnormal Security, Cyber Criminals have deviated from targeting individual C-Suite leaders, and are now focusing on finance employees.

Scammers tend to utilize the oldest tricks in the con artist manifest to deceive unsuspecting victims. These tricks rely on deception, simplicity, and a little bit of research on the target, in order to work. Today, we’ll examine how cyber criminals initiate Business Email Compromise attacks and how you can defend against them.

Business Email Compromise, or BEC, is a type of scam that targets companies who conduct wire transfers. These companies typically conduct business with foreign suppliers. The criminal will either spoof, or compromise the email accounts of executives, or those with financial authority, to initiate a fraudulent wire transfer to the criminal’s bank account.

Fraudulent emails associated with BEC scams will typically contain the following words in their subject line:

  • Request
  • Payment
  • Transfer
  • Urgent!

BEC scams tend to fall into the following email campaigns:

  • The Invoice Scheme – The attacker will pretend to be a supplier, requesting that you transfer funds for a recent transaction to an account owned by the scammer.
  • A Message from the Boss – In this scenario, the attacker will pose as the company’s CEO. The attacker will email employees in the finance department, and request that they transfer money to an account, which the scammer controls. In some instances, the attacker may have actually compromised the CEO’s, or another executive’s account instead of masquerading as the CEO, to add some legitimacy behind the request.
  • The Data Heist – Think of this scenario as the digital version of “Money Heist”, or, your favorite bank robbery movie. The attacker targets HR or Finance employees, in order to obtain tax statements, personally identifiable information, or account credentials. This information can either be used during future attacks or sold to the highest bidder.

The aforementioned scenarios are highly effective due to the fact that they often avoid including malicious links or attachments, relying solely on the scammer’s ability to establish trust with the victim. So how can we defend against these schemes? We’re glad you asked. Ensuring that your employees are vigilant is the key to success. All employees, regardless of their role, should examine the following telltale characteristics of a BEC scam:

  • A Generic Greetings or Signature Block – Greetings, such as, “dear valued customer/employee/partner” or “Sir/Ma’am,” are red flags, as business relationships are usually personal. A lack of contact information, or falsified contact information, are also indicators of a BEC scam.
  • Poor spelling – Bad grammar, sentence structure, misspellings of commonly used words, and inconsistent formatting, are typically associated with BEC scams, especially those conducted by a foreign threat actor.
  • Suspicious attachments – Unsolicited emails, which urge a user to click on an attachment, or to download special software, are commonly used by cyber criminals. Also, pay special attention to emails that contain an attachment titled, Report, Invoice, Order, Judgement, or other commonly used business terms.

Awareness is key to successfully defending against BEC schemes. Have a question regarding how you can combat BEC scams? Contact us and we’ll be glad to help! Don’t forget to subscribe to our mailing list, to stay up to date with the latest data privacy and information security related tips and tricks!

Additional Resources

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.