Business Email Compromise (BEC) is one of the most financially damaging types of cyber attacks, responsible for over $2.4 billion in reported losses. Unlike other attacks that rely on malware or technical exploits, BEC attacks exploit human trust.
How BEC Attacks Work
BEC attacks follow a predictable pattern:
1. Research Phase
Attackers study your business—learning about your vendors, customers, executives, and internal processes. They might spend weeks gathering intelligence from public sources and social media.
2. Compromise or Impersonation
They either compromise an actual email account (through phishing or credential theft) or create a lookalike domain that appears legitimate at first glance.
3. The Request
Using the compromised or fake account, they send a seemingly legitimate request for a wire transfer, payment change, or sensitive information. These requests often appear urgent and come from authority figures.
4. The Theft
If successful, money or information is transferred before anyone realizes something is wrong.
Common BEC Scenarios
CEO Fraud: An email appearing to be from the CEO asks an employee to urgently wire money for an acquisition or business deal.
Vendor Impersonation: An email from a "vendor" requests that future payments be sent to a new bank account.
Payroll Diversion: An employee receives what appears to be an HR request to update their direct deposit information.
Red Flags to Watch For
- Urgent requests that bypass normal processes
- Slight variations in email addresses or domains
- Requests to keep the transaction confidential
- Changes to payment instructions, especially for wire transfers
- Poor grammar or unusual phrasing (though sophisticated attacks may not have these tells)
Protection Strategies
Technical Controls
- Enable multi-factor authentication on all email accounts
- Implement DMARC, SPF, and DKIM to prevent spoofing of your own domain (these do not block lookalike domains, which the attacker registers and controls and can therefore authenticate correctly)
- Use email filtering that detects impersonation attempts
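As an added example (not code from the original post), the small triage heuristic below scores an inbound message against the red flags listed above: a sender domain that closely resembles a known vendor, a Reply-To that diverts replies elsewhere, and urgency, payment-change, and secrecy language. The allow-list of known domains, the cue phrases, and the sample messages are all constructed for illustration; a real filter would use the organization's own vendor list and far richer signals.

```python
from difflib import SequenceMatcher
from typing import List, Optional, Tuple

# Constructed allow-list of domains this business normally corresponds with (assumption).
KNOWN_DOMAINS = ("example-vendor.com", "ourcompany.com")

# Phrases mapped to the red flags in the post; constructed, not exhaustive.
CUES = {
    "urgency": ("urgent", "immediately", "asap", "today"),
    "payment change": ("wire", "bank account", "payment instructions", "direct deposit"),
    "secrecy": ("confidential", "keep this between", "don't tell"),
}

def domain_of(address: str) -> str:
    """Extract the domain from 'Name <user@host>' or 'user@host' (lower-cased)."""
    return address.rsplit("@", 1)[-1].strip("> ").lower()

def lookalike_domain(domain: str) -> Optional[str]:
    """Return the known domain that `domain` closely resembles, or None if it is
    exactly a known domain or not similar to any of them (similarity threshold 0.8)."""
    if domain in KNOWN_DOMAINS:
        return None
    best = max(KNOWN_DOMAINS, key=lambda k: SequenceMatcher(None, domain, k).ratio())
    return best if SequenceMatcher(None, domain, best).ratio() >= 0.8 else None

def score_message(from_header: str, reply_to: Optional[str], body: str) -> Tuple[int, List[str]]:
    """Count red flags in one message and explain each; a higher score means
    the request should be verified through a known channel before acting on it."""
    reasons: List[str] = []
    sender = domain_of(from_header)
    imitated = lookalike_domain(sender)
    if imitated:
        reasons.append(f"sender domain {sender} resembles {imitated}")
    # A Reply-To on a different domain routes answers away from the apparent sender.
    if reply_to and domain_of(reply_to) != sender:
        reasons.append(f"Reply-To domain {domain_of(reply_to)} differs from From domain")
    text = body.lower()
    for flag, words in CUES.items():
        if any(w in text for w in words):
            reasons.append(f"{flag} language")
    return len(reasons), reasons

if __name__ == "__main__":
    # Constructed sample resembling a vendor payment-change request.
    print(score_message("Accounts Payable <ap@example-vend0r.com>", None,
                        "URGENT: please update our bank account for future wire payments."))
```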
Process Controls
- Require verbal confirmation for any payment changes or large transfers
- Implement dual approval for transactions above a threshold
- Never use contact information from the suspicious email—verify through known channels
Training
- Regular awareness training on BEC tactics
- Simulated phishing exercises
- Clear reporting procedures for suspicious emails
What to Do If You're Targeted
- Stop the transaction immediately if possible
- Contact your bank's fraud department
- Report to the FBI's IC3 (Internet Crime Complaint Center)
- Investigate how the attack occurred to prevent recurrence
The Human Factor
BEC attacks succeed because they exploit human psychology—urgency, authority, and trust. Technical controls are important, but a security-aware workforce is your best defense.
*We help businesses implement comprehensive email security that combines technical controls, process improvements, and employee training. Contact us for a free assessment.*