Business Email Compromise (BEC)

A targeted form of phishing where criminals impersonate senior executives, or departmental authority figures, in order to get others to transfer funds or sensitive information to the imposter.

BEC can happen in different ways, but generally speaking a criminal will either hack into an executives email account, or they will 'spoof' the account (i.e. email from a lookalike account which is very similar to the original account). If an email has been spoofed then email filters may be able to help prevent these from reaching employees.

If an account has been hacked, then this is much harder to combat, as requests are coming from a legitimate account so detection software won't be much help. This type of BEC allows a criminal the opportunity to directly alter invoice attachments, and even set up rules which will redirect emails into folders to cover up their tracks.

By using this website you agree to our use of cookies to enhance your experience. I understand