What is a BEC attack?


BEC (Business Email Compromise) is an advanced attack and one of the top threats to business and corporate email. It is a type of spear phishing attack. BEC is also known as CEO Fraud and the Man-in-the-Email scam.

A BEC attack does not necessarily involve theft of other people's inboxes. Cybercriminals sometimes try to impersonate senior company employees or even partners using addresses from third parties.

A BEC scam works as follows: someone impersonates an employee, director, executive or even the CEO of the company to make money or steal confidential information. The perpetrator attempts to entice and induce employees, partners, and customers to take a specific action, such as paying into a fake account via wire transfer or bank receipt.

In some cases, an attacker compromises a corporate email account, while in others they simply create an email address similar to the original one. They then impersonate the owner of the email address.

Last month, scammers tried to steal $2.9 million from the Portland Public Schools (USA). And in July, Cabarrus County Schools (USA) lost $1.7 million after receiving false instructions by email. The employees initially transferred $2.5 million, allegedly for the construction of a new school, but later recovered part of the money.

As a sophisticated scam, BEC is not easily identified by spam filters. That's why you need to go beyond basic and simple protection. In this case, our three most important protection tips are:

  1. Training. Teach your team to recognize and deal with phishing attacks and spear phishing.
  2. Authentication. Require multifactor authentication for important processes such as bank transfer payments.
  3. Software. Use email protection software, such as a Secure Email Gateway, with antispam, antivirus and sandbox.
