Home » Resources » Cyber security basics: what is a business email compromise attack?

Posted on March 23, 2022

Estimated reading time 7 minutes

Sometimes in IT security, the call comes from inside the house.

Business email compromise (or BEC) attacks are a sophisticated IT security threat involving a blend of social engineering and hacking. Unfortunately, BEC scams are a highly effective method of extortion and network access, meaning senior business leaders must know how to combat them.

With the average cost of data breaches rising to $4.24 million in 2021, the business case for cybersecurity investment is clear. This article will outline exactly what business email compromise attacks are, what they look like and what you can do to stop opportune cybercriminals in their tracks. Read on to find out more.

What is a business email compromise attack?

A BEC scam is an exploit in which hackers gain access to a corporate email account, impersonate an employee and send targeted emails out to other employees.

Importantly, in BEC attacks, the hacker (or threat actor) typically impersonates the CEO or another senior leader within the organisation, by spoofing their display names to trick victims.

This fraud element of BEC scams is what sets them apart from other cyber attacks as it routes a suspicious email via a valid workplace source. As a result, scammers ensure emails appear legitimate to victims.

BEC scams sometimes contain a link or virus-laden attachment, allowing hackers to extort employees or businesses. However, the threat actor typically attempts to trick a user into making a fraudulent transfer. The attacker generally does this by creating a sense of urgency by asking the recipient to do an important and time-sensitive task.

Attackers are especially keen to elicit a response from email recipients, hoping to trick them further into making a fraudulent transaction.

Impact of BEC attacks:

BEC fraud is a serious economic threat to business. If their hurried instructions for fraudulent transactions don’t work, threat actors can demand money when they have control over sensitive information.

BEC attacks can also affect the company’s brand value and reputation as customers and business partners can have their data leaked in the process.

Research from the FBI’s Internet Crime Complaint Centre (IC3) estimates that BEC scams accounted for $1.8B in losses in 2020. In particular, smaller businesses faced more BEC attacks than large organisations because of their especially fragile security posture.

How to identify and prevent BEC emails

Follow the steps below to identify BEC scams in your organisation and prevent them from causing harm to your business:

BEC attacks typically come from random sender domains and email addresses.
Emails are often poorly structured and contain grammatical errors.
Threat actors use a templated structure with generic greetings or signatures. Therefore, emails may read as inorganic and unusual.
You can prevent BEC phishing attacks by educating your staff on BEC fraud and phishing email strategies.
The first step is not to respond, as the threat actor is likely to send the actual phishing email with malicious links or attachments afterwards.
Check in with the apparent ‘sender’ via another communication medium, like a phone number or instant messaging platform like Teams.
Report the email to the security team to help to prevent future attacks.
Block the email address to prevent further emails from that particular sender.

Business email compromise attack examples

Example 1:

Hi,

Are you at your desk? I want you to do a quick task for me.

Regards,
CEO/CFO/ COO name

Sent from my iPhone

Example 2:

Hello,

I’m in an important client meeting. I need a swift task to be completed. You are the right person to do this job. Mail me back when you are available.

Thanks,
CEO name

sent from my mobile

Why is it important to be aware of BEC

BEC fraud is a surprisingly lesser-known type of cyber attack, yet one of the most effective ones.

BEC attacks don’t necessarily contain malicious URLs or attachments in most cases. As a result, the possibility of them passing security controls is high. Hence it is extremely important to understand and be aware of this attack as it’s up to your staff to detect them.

Moreover, threat actors gain information from public sources like social media or company websites. And so, BEC fraud is a constant enterprise threat since you’ll always publish this type of information for marketing purposes.

BEC phishing summary:

BEC attacks are where an attacker tricks an employee into making a fraudulent transfer by impersonating a senior leadership member.
Sender domains, sender email ids, grammatical errors, generic greetings, and urgent task requests are typical indicators of BEC phishing attempts.
If a BEC email is received, report the scam to the security team and don’t respond to the sender.

How can Atech help prevent BEC attacks?

Atech is a multi-Gold Microsoft partner which means we have a wealth of experience in deploying Microsoft and Azure cloud solutions for cybersecurity.

Microsoft analyses over 6.5 trillion signals daily — the world’s largest set of threat-related optics — to protect its users from evolving threat categories.

In particular, Microsoft technologies help you avoid malicious websites by scanning links in emails and documents in real-time. For example, if Defender for Office 365 detects a possibly harmful file, you can use a sandbox environment to nullify viruses and protect your main systems.

We can also provide impersonation protections for high-profile users using next-generation security tools and deliver a tailored approach to cybersecurity. Moreover, our Security Operations team monitors security alerts across your organisation and remedy events quickly and effectively.

Modernise your workplace with Atech

Atech is a leading provider of cloud services and Microsoft enterprise solutions. With 9 Microsoft Gold Partner accreditations including Gold Partner in Security, we have secure, scalable service solutions to revolutionise your workplace.

We’ve migrated or refactored over 10,000 servers in Azure, meaning we’re highly familiar with a range of Microsoft solutions across cybersecurity and productivity. We offer a suite of services to help transform your organisation with scalable cloud technologies from one-time platform migrations to ongoing managed services.

Get in touch to speak to one of our experts to learn more, and see where cloud technologies can take your business today.

Sitaram Chakilam SOC Analyst

Sitaram Chakilam is at the post of SOC Analyst at Atech. He has an expertise on email security, endpoint security and identity protection. Sitaram has achieved various Microsoft security certifications such as; AZ900, SC900, SC200 and MS500.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cyber security basics: what is a business email compromise attack?