Business Email Compromise Attacks

The Business Email Compromise (BEC) attack is an increasingly popular type of cyberattack because its success rate is quite high. A BEC attack impersonates a familiar person, such as a business partner or an employee, and tricks the victim into buying gift cards or transferring expensive items to the hackers orchestrating the attack.

Gift cards have become a common way for cybercriminals to steal money because cashing them out requires no bank account, identification documents, or similar paperwork. The cards can easily be resold online for at least 60% of their face value. Gift card scams are particularly popular around the holiday seasons.

The Context

Like traditional phishing campaigns, BEC attacks often take advantage of topics in the news. These days, one of the main topics is the novel coronavirus. According to Check Point researchers, whose team collects and analyzes global cyberattack data, SARS-CoV-2-related cyberattacks jumped by more than 30% in May 2020 alone, and many of them involved email scams.

The outcome?

Several government agencies and medical facilities looking to purchase equipment unknowingly transferred money to hackers, only to discover later that the requested equipment did not exist and that their money was gone.

In another case, in 2019, a group of attackers infiltrated and monitored the Office 365 accounts of three financial organizations. After creating fake domains for these firms and for their partners, accounts, and banks, the criminals diverted certain emails to these fake domains. Using this type of “man-in-the-middle” approach, the group behind the attack managed to request and receive money transfers worth more than $1.2 million.

BEC campaigns typically use three different methods for impersonating legitimate email accounts:

Firstly, and most commonly, the attackers spoof real email addresses, which is quite easy because the SMTP protocol itself offers no reliable way to validate the sender. Hackers use either dedicated or public SMTP servers to send emails carrying a spoofed address.

Secondly, the attackers register, and send email from, a domain name that resembles the actual domain they intend to spoof. For example, the registered domain may be example.co in contrast to the legitimate domain name of example.com.

Thirdly, the attackers use phishing techniques to gain control of the email accounts of the people they want to impersonate. They can then send emails from the actual account, which lends legitimacy to the messages and makes it far easier to request and receive money.

Stopping BEC attacks

Firstly, train your staff regularly about modern fraud techniques like BEC. The best training is brief, frequent, and focused. Organizations need to constantly retrain and keep security awareness messages front and center through multiple channels, including newsletters, web pages, online lessons, webinars, or presentations.

Every time irreversible actions such as money transfers are initiated, details of the transaction must be verified through additional methods such as voice communication and must not exclusively rely on email correspondence.

Review the existing protocols and the separation of duties for financial operations, and add extra controls if needed. Remember that separation of duties and other protections may be compromised by insider threats, so risk reviews may need to be rechecked as well.

Create new policies related to “out of band” transactions or urgent executive requests. An email from a fellow worker’s Gmail or Yahoo account should automatically raise a red flag to staff members, but they need to understand the latest techniques being deployed by hackers. You need authorized emergency procedures that are well understood by all team members.

Review and test your incident management and spam reporting systems. Also, test your staff with simulations of incident scenarios.

Protect your email traffic with a layer of advanced email security. Make sure the email security solution you use blocks sophisticated phishing attacks like BEC. Viable email protection solutions would prevent those attacks from reaching employee mailboxes.

Protect mobile and endpoint browsing with advanced cybersecurity solutions which, among other things, block access to phishing websites.

Check the full email address on any message and be alert to links that may contain misspellings of the real domain name.
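The three impersonation methods described earlier (spoofed addresses, lookalike domains, hijacked accounts) and the red flags listed here (a colleague writing from Gmail or Yahoo, a misspelled domain) can be turned into a mailbox-side triage check. The following is an added example, not code from the original post or from any vendor product; the organization's domain, the webmail list, the similarity threshold and the sample message are all constructed for illustration.

```python
import difflib
import email
from email.utils import parseaddr

# Constructed values: the organization's own domain and common free webmail providers.
OWN_DOMAIN = "example.com"
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

def _domain(addr):
    # Lower-cased domain part of an address header value, '' if there is none.
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def bec_indicators(raw_message):
    """Return the BEC indicators found in the headers of one RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    findings = []
    # 1. Lookalike domain: close to our own domain but not equal (example.co vs example.com).
    if from_domain and from_domain != OWN_DOMAIN:
        similarity = difflib.SequenceMatcher(None, from_domain, OWN_DOMAIN).ratio()
        if OWN_DOMAIN in from_domain or similarity >= 0.8:
            findings.append(f"lookalike domain {from_domain}")
    # 2. A colleague-style display name on a free webmail account.
    if from_domain in FREE_WEBMAIL and name:
        findings.append(f"free webmail sender {from_addr} using display name {name!r}")
    # 3. Replies silently diverted to a domain other than the visible sender's.
    reply_domain = _domain(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to domain {reply_domain} differs from sender domain")
    # 4. SPF/DKIM/DMARC failures recorded by the receiving MTA: the trace a directly
    #    spoofed address leaves, since SMTP itself does not validate the sender.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            findings.append(f"{mech} failed")
    return findings

# Constructed sample: lookalike sender domain plus a diverted Reply-To.
SAMPLE = (
    'From: "Jane Doe (CFO)" <jane.doe@example.co>\n'
    "Reply-To: payments@invoice-desk.example.net\n"
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.co\n"
    "Subject: Urgent: wire transfer before noon\n"
    "\n"
)

if __name__ == "__main__":
    for finding in bec_indicators(SAMPLE):
        print("BEC indicator:", finding)
```

The checks only read headers, so a message that passes them all still needs the out-of-band verification described above before any transfer is made.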

Regularly monitor financial accounts for suspicious transactions.

Use two-factor authentication every time you log in to key applications.

Do not provide login credentials or personal information in response to an email.

In case you or your team members have encountered any suspicious activity, please let us know here. We are ready to offer your organization the professional support that it needs.