What Is Business Email Compromise?
Business email compromise (BEC) is a type of fraud in which the criminal poses as a legitimate contact who owns a legitimate business email account in order to convince the victim to act on their behalf, for example by transferring funds. The unwitting victim believes they are paying a legitimate person for a legitimate reason, but they are actually sending money to the fraudsters.
Under US legislation, BEC scams can be considered wire fraud, as they are carried out online. They take place within a single country or across international borders and are, in fact, a form of phishing. One major scheme in 2019 saw 218 perpetrators in eight countries arrested for their involvement in a cross-border business email compromise fraud.
Although the two are not always identical, business email compromise is sometimes called email account compromise (EAC). Both terms are also often used interchangeably with CEO fraud, in which the fraudster poses specifically as a member of upper management to convince the victim.
How Does Business Email Compromise Work?
BEC works by convincing an employee to make a payment or release confidential information outside of a company’s usual procedures. Fraudsters use openly available information from the internet, along with data obtained through fraudulent means, to achieve this. Those means can include spoofing email accounts, phishing, malware, or the use of details purchased on the dark web.
Fraudsters pose as a legitimate business contact – usually a senior executive or a known supplier – to play on the employee’s trust. They will then often use a sense of urgency to talk the employee into making a fast payment that bypasses normal protocols. They can also introduce an element of confidentiality to explain why the usual procedures can’t be followed and might even promise a promotion or bonus.
SEON’s data enrichment tool allows fraud investigators to deep-dive into emails, phone numbers, and more, to make sure the person you are interacting with is who they say they are.
How Is BEC Conducted?
There are different stages to a business email compromise attack, but they generally involve gathering intel, making contact, and then sending a request, sometimes accompanied by additional promises, coercion or other social engineering techniques.
- Fraudsters put time and effort into learning about a company, its processes, its contacts, and its staff before attempting to carry out BEC fraud.
- Once they have built up sufficient knowledge, they approach the organization by phone or email, usually targeting a specific individual. They may take over a legitimate email account to do so or spoof an address that looks very similar to a genuine one.
- The fraudster might pose as a senior executive within the company or as a legitimate contact from a trusted supplier or partner organization. In either case, they will inform the target employee that they need an urgent payment to be made.
- They will likely advise the employee that there is an element of confidentiality related to the payment and that it needs to be made in a hurry.
- One key element of BEC fraud is that the fraudster will tell the victim to bypass normal company procedures. They will provide a plausible-sounding explanation as to why this is the case, then rush the employee to make the payment into the fraudster’s account.
- The employee, believing they are in contact with a genuine individual whom they trust, often makes the payment before realizing anything is wrong.
How Common Is BEC?
Business email compromise attacks are increasingly common. According to Beazley’s Q3 2022 Cyber Snapshot, there were almost as many business email compromise incidents in the first nine months of 2022 as there were during the whole of 2021.
Professional services and associations reported the most BEC incidents during the first nine months of 2022, followed by financial institutions and healthcare organizations. The education sector also saw a sharp rise in BEC incidents between 2021 and 2022.
What Do Fraudsters Do with Compromised Email Accounts?
Fraudsters can use compromised email accounts to access company information. Through a combination of pressure and persuasion, they can convince employees to reveal confidential information and, ultimately, to make one or more payments to the fraudster’s bank account.
Fraudsters can also use compromised email accounts to access information about a company’s contacts. They can use this as part of their BEC fraud attempts at one company, then move on to do the same at another business, using the information they have gleaned as part of the first BEC attack.
Partner with SEON to reduce fraud in your business with unique social data points, intelligent reporting, real-time data enrichment, machine learning, and advanced APIs.
How to Stop Business Email Compromise Attacks
For companies, successful prevention of BEC attacks involves a combination of awareness training, having efficient procedures in place, and using suitable software and tools that flag suspicious activity or provide additional contextual information about email addresses, individuals and so on.
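The signals described in the attack stages above (a lookalike or spoofed sender address, an executive's name on an outside address, a mismatched reply address, and urgency, secrecy and bypass language around a payment) can be turned into a simple triage check of the kind the flagging tools mentioned here perform. The following is an added example, not SEON's code or part of the original article; the company domain, the executive name, the keyword lists and the sample message are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed configuration (hypothetical, not real accounts): defended domain and impersonated executives.
COMPANY_DOMAIN = "example-corp.com"
EXECUTIVES = {"jane doe"}
SIGNALS = {"urgency": ("urgent", "immediately", "asap"), "secrecy": ("confidential", "between us"),
           "bypass": ("skip the usual", "bypass", "outside the normal"),
           "payment": ("wire", "transfer", "invoice", "bank account")}

def normalize(domain: str) -> str:  # undo lookalike substitutions: rn->m, vv->w, 0->o, 1->l, 3->e
    d = domain.lower()
    for bad, good in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e")):
        d = d.replace(bad, good)
    return "".join(c for c in d if c.isalpha() or c == ".")  # drop hyphens and other noise

def edit_distance(a: str, b: str) -> int:  # Levenshtein distance, catches 1-2 character typosquats
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def score_message(raw: str) -> list[str]:  # BEC indicators found in one RFC 822 message
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rsplit("@", 1)[-1].lower()
    body = msg.get_payload().lower()
    findings = []
    if domain != COMPANY_DOMAIN:  # external sender: is it pretending to be internal?
        if normalize(domain) == normalize(COMPANY_DOMAIN) or edit_distance(domain, COMPANY_DOMAIN) <= 2:
            findings.append(f"lookalike sender domain {domain}")
        if name.lower() in EXECUTIVES:
            findings.append(f"executive name '{name}' on external address")
    if reply_domain and reply_domain != domain:  # replies silently routed elsewhere
        findings.append("reply-to domain differs from sender domain")
    for label, words in SIGNALS.items():  # social-engineering language in the body
        if any(w in body for w in words):
            findings.append(f"{label} language")
    return findings

# Constructed sample message showing the pattern the article describes.
SAMPLE = """From: Jane Doe <jane.doe@exarnple-corp.com>
Reply-To: jane.doe@webmail-example.test

I need an urgent wire transfer today. Keep this confidential and skip the usual approval.
"""
```

A message that trips several of these checks at once is a candidate for the out-of-band verification (phone call to a known number, adherence to the normal approval procedure) that the rest of this section recommends; a single keyword hit on its own is not evidence of fraud.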
BEC attacks are effective because the fraudster has taken the time to learn about the business, meaning they can effectively pose as a legitimate contact. They do their homework and can be extremely convincing.
There are several measures that companies can take to protect against BEC fraud. Knowledge sharing plays a key role in implementing anti-fraud measures, so companies should ensure they are up-to-date with the latest risks, understand which risks most apply to them, and train employees regularly to be aware of the dangers. The importance of always adhering to company procedures should be emphasized as part of this work.
Ultimately, however, stopping BEC relies on your employees. They will be the targets of BEC fraud and, as such, are the people who can stop it from happening.
At the heart of this lies the message of never, ever operating outside of company procedures when it comes to making payments. Even if the sender is apparently the chairperson or chief executive, and they are demanding an urgent payment be made with the utmost confidentiality, the employee needs to stick to the authorized procedures, always.