The Five types of Business Email Compromise (BEC) scams according to the FBI

Business Email Compromise (BEC) is a growing problem targeting organizations of all sizes across the world. It is a type of cybercrime scam in which the attacker targets a business to defraud the company. According to the Internet Crime Complaint Center (IC3), BEC causes the most financial damage with $1.8 billion in confirmed losses in 2020.

The Federal Bureau of Investigation lists the following five types of BEC scams:

  • Attorney Impersonation
    In this case the attacker impersonates a lawyer or legal representative. Such requests may be made by email or phone, and they come at the end of the day. Lower-level employees are usually targeted as they may not have the knowledge to question the authenticity of the email.
  • CEO Fraud
    Here the attacker poses as the CEO or a senior executive and sends an email to employees in the finance department asking them to transfer funds into an account controlled by the attacker.
  • Data Theft
    This attack targets employees in the HR department in an attempt to obtain personal information about individuals within the company such as senior executives. This information can then be used for future attacks.
  • Account Compromise
    In this case an employee’s email account is hacked and used to request payments to vendors. These payments are then sent to bank accounts controlled by the attackers.
  • False Invoice Scam
    Attackers target companies with foreign suppliers with this tactic. The attacker pretends to be the supplier and requests a fund transfer as payment into an account owned by the fraudsters.

Being aware of the types of BEC attacks is an important step towards preventing them.