BEC, a cybersecurity challenge for businesses

Key Takeaways

  • BEC scams often begin with an email account compromise, giving attackers access to employee communications.
  • Fraudsters use a compromised account or spoofed business email to impersonate executives, vendors, or partners.
  • Employees in the finance department are targeted with urgent requests for wire transfers or sensitive data.
  • Business email compromise attacks are rising fast, with losses increasing by over 58% since 2020.

Business email compromise (BEC) is a cyber fraud in which criminals impersonate trusted contacts such as executives or suppliers. Their goal is to trick employees into transferring funds or revealing sensitive data. In July 2024, a Singapore commodity firm lost USD 42.3 million in a BEC attack: fraudsters altered a supplier’s email and redirected payments to a fake account. Thanks to INTERPOL, most of the money was recovered.

What is Business Email Compromise (BEC)?

Business email compromise (BEC) is a cyber fraud scheme where criminals use email account compromise or spoofing to impersonate trusted contacts. The target is often an employee’s email account in the company’s finance department. Attackers then trick staff into authorizing wire transfers or sharing sensitive data.

Trustpair blocks the financial effects of BEC thanks to ongoing account validation and authentication. All suspicious transactions are blocked and risky data changes are spotted. Request a demo to learn more!

How do BEC scams work?

BEC scams work in different ways. Generally, a fraudster either breaks into an email account directly or uses malware to move through company networks and infiltrate email threads.

Once the fraudster has access to the email threads, the attack itself may not happen until much later. They may spend time observing email chains to learn which employees handle money, invoices, transactions, and so on.

They may also pick up on the wording and habits employees use in their emails, so that if they later send an email on an employee’s behalf it looks genuine.

Once they have gathered the information they need, the fraudster may ask for payments to be made to accounts which they control.

Alternatively, fraudsters may use a spoofed or look-alike email address that closely resembles that of a senior figure in the company. From there, they may instruct those in charge of payroll to redirect funds to a different account.

Reported BEC scam losses have increased by 58% since 2020.

What are the types of Business Email Compromise Attacks?

The main types of BEC attack:

  • Data theft: This is usually the first step of BEC fraud, or it can lead to other types of fraud further down the line. It may target the HR department, where schedules are stolen to build a better picture of the person being defrauded. Alternatively, scammers may steal personal data or sensitive information to gain leverage over senior figures in a later scam.
  • CEO fraud: The attacker poses as the CEO or another senior figure and asks for a payment to be transferred to a bank account operated by the attacker.
  • Account compromise: A member of the finance department is targeted and has their email account hacked; the scammers then redirect payments meant for vendors to a new bank account run by the attackers.
  • Vendor email compromise: The criminals pose as the vendor, claim the usual account is unavailable, and ask for funds to be sent to an attacker-owned bank account. Alternatively, they send a fake invoice with details similar to the real vendor’s to obtain the funds.
  • Attorney impersonation: Attackers break into a lawyer’s email account and tell clients to pay through a link, or send them a fake invoice carrying the details of a scammer-controlled bank account.

What are BEC examples?

Facebook and Google

The most renowned example of a BEC cybersecurity scam was in the form of a vendor email compromise (VEC) attack on Facebook and Google between 2013 and 2015.

The organizations lost around $121 million between them. Fraudsters impersonated Quanta Computer, a supplier both companies did business with.

The scammers set up a fake company under the same name as Quanta Computer and used false invoices, fake contracts, and letters to confuse the organizations and dupe them into paying tens of millions to accounts run by the scammers.

One Treasure Island

The nonprofit based in San Francisco fell victim to a business email compromise attack in 2021.

Hackers gained access to the bookkeeper’s email. Using spoofed email addresses, they inserted themselves into the email chains and pretended to be figures involved with the nonprofit.

They then found and adjusted an invoice from a member organization that had been sent to the executive director of One Treasure Island. The new invoice contained altered wire transfer instructions to a bank in Texas.

The organization lost $655,000 in the fraud attack.

BEC red flags

Here are some of the red flags of business email compromise and ways your business can prevent it.

By being aware of these methods and how you can combat them, your business can avoid:

  • Financial damage
  • Reputational damage
  • Data leaks

Grammatical errors

If an email from a senior member of staff is littered with simple grammatical errors that they wouldn’t usually make, this should raise suspicions.

If you aren’t sure that it is legitimate, you should ring the employee or go and see them to double-check before making any transfer or payment.

Time sensitivity

If a member of your team receives an email or a text message from another colleague requesting an urgent transfer, this should raise alarm bells.

The sender may describe a serious situation, such as needing their salary paid early to cover a family medical bill, or a vendor needing to be paid quickly into a new account to keep their business. These are social engineering techniques used to complete BEC attacks.

Either go and see the member of staff or ring them to check the request is genuine. By making the situation urgent, the fraudster hopes you will overlook the usual procedures in order to help them, or forget the correct process altogether.

Employees should be educated about the red flags of fraud such as business email compromise, and to always step back from the situation and think it through logically.

Unusual requests

Unusual requests that a member of staff may receive include:

  • Being asked not to speak with other employees about the transfer
  • Being asked to ignore the normal methods – for example, disregarding the usual approval process and simply sending a wire transfer
  • Being asked to communicate over text rather than email – staff should have access to colleagues’ work phone numbers anyway. Scammers do this because texts can feel more trustworthy than emails

Suspicious email addresses

One form of business email compromise involves phishing emails. By using an email address that closely resembles one staff already know (a look-alike domain or a slightly altered name) or an incomplete email address, fraudsters may try to get staff to redirect funds into an account they control.
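The red flags above (look-alike sender addresses, urgency, secrecy, requests to skip the normal process or move to text, and changes to bank details) can be checked mechanically before a message reaches the finance team. The script below is an added example written for this article, not code from the page or from Trustpair; the company domains, executive names and the three sample emails are constructed, and the edit-distance threshold and keyword lists are assumptions to be tuned against real traffic.

```python
"""Added example, not code from the article: triage raw emails for the BEC red
flags described above (look-alike sender domain, Reply-To differing from the
sender, urgency, secrecy, bypassing the payment process, bank-detail changes,
moving to text). Domains, names and sample messages are all constructed."""
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example-corp.com", "acme-supplies.com"}  # own domain + known vendor (constructed)
EXECUTIVE_NAMES = {"jane doe"}                                # display names worth impersonating (constructed)
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))  # swaps that fake a trusted domain

# Wording typical of BEC lures; each hit becomes a named flag.
CONTENT_PATTERNS = {
    "urgency": re.compile(r"\b(urgent(?:ly)?|immediately|asap|right away|today)\b", re.I),
    "secrecy": re.compile(r"\b(keep this (?:between us|confidential|quiet)|do not (?:tell|discuss)|don'?t (?:tell|discuss))\b", re.I),
    "bypass_process": re.compile(r"\b(skip|bypass|ignore)\b[^.]*\b(process|procedure|approval)\b", re.I),
    "bank_detail_change": re.compile(r"\b(new (?:bank )?account|(?:changed|updated) (?:our )?bank(?:ing)?(?: details)?)\b", re.I),
    "move_to_text": re.compile(r"\b(text|sms|whatsapp)\b[^.]*\b(instead|rather than)\b", re.I),
}

def normalize_domain(domain):
    """Undo common homoglyph substitutions before comparing domains."""
    d = domain.lower()
    for glyph, real in HOMOGLYPHS:
        d = d.replace(glyph, real)
    return d

def levenshtein(a, b):
    """Edit distance; a small value between two domains suggests a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    norm = normalize_domain(domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        if levenshtein(norm, trusted) <= 2:   # threshold is an assumption; tune on real mail
            return trusted
    return None

def score_email(raw):
    """Return the list of BEC red flags found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    flags = []
    imitated = lookalike_of(from_domain)
    if imitated:
        flags.append(f"lookalike_domain:{from_domain}~{imitated}")
    if reply_domain and reply_domain != from_domain:       # replies are steered elsewhere
        flags.append("reply_to_mismatch")
    if display.strip().lower() in EXECUTIVE_NAMES and from_domain not in TRUSTED_DOMAINS:
        flags.append("executive_name_external_domain")
    for name, pattern in CONTENT_PATTERNS.items():
        if pattern.search(text):
            flags.append(name)
    return flags

# Constructed sample messages: one legitimate, one CEO-fraud lure, one vendor lure.
LEGIT = """\
From: "Jane Doe" <jane.doe@example-corp.com>
Subject: Q3 budget review

Please send me the Q3 figures when you have a moment.
"""
CEO_FRAUD = """\
From: "Jane Doe" <jane.doe@examp1e-corp.com>
Reply-To: jane.doe.ceo@webmail.example
Subject: Urgent wire transfer

I need you to process a wire today. Keep this between us and skip the usual
approval process; I will explain later. Text me on my mobile instead of replying here.
"""
VENDOR_FRAUD = """\
From: "Accounts Payable" <billing@acrne-supplies.com>
Subject: Updated invoice 4471

Please note we have changed our bank. Use the new account on the attached invoice.
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("ceo", CEO_FRAUD), ("vendor", VENDOR_FRAUD)):
        print(label, "->", score_email(raw) or "no red flags")
```

Run as a script, the legitimate message produces no flags, the CEO lure trips the domain, Reply-To, urgency, secrecy, bypass and move-to-text checks at once, and the vendor lure is caught by the `rn`-for-`m` homoglyph in its domain plus the bank-change wording. In a real mail pipeline a message with two or more flags would be routed to a human check rather than blocked outright, since words such as "today" also appear in genuine mail.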

How to Prevent BEC Cybersecurity Attacks?

Preventing business email compromise (BEC) requires a mix of staff training and stronger email security measures. Companies that overlook these steps risk falling victim to BEC scams, account compromise, and fraudulent wire transfers.

Training

Employees should be trained to spot suspicious emails, urgent requests, and phishing attack attempts. They must know how to respond if an employee’s email account is compromised or if attackers try to trick employees into transferring money. Security awareness programs reduce the risk of revealing sensitive information or login credentials during BEC attempts.

Use a fraud prevention platform

Organizations can prevent BEC attacks by adopting fraud prevention tools. Platforms like Trustpair monitor financial transactions, validate vendor bank account details in real time, and block fraudulent accounts before money is sent. This closes gaps left by compromised accounts and strengthens overall email security.

With BEC attackers launching increasingly sophisticated schemes, businesses need proactive measures. Combining employee awareness with advanced verification tools provides the best defense against future attacks.
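The technical control this section and the earlier product paragraph describe, validating vendor bank account details and catching risky data changes before money is sent, can be expressed as a payment-release gate. The code below is an added example written for this article; it is not Trustpair's code or the article's own. It assumes the IBAN is the account identifier, that a change to a vendor's account is only accepted after a call-back to the phone number already held on file (represented here by a `callback_confirmed` flag), and that each invoice records whether it arrived through a supplier portal or by email. The vendor, invoices and phone number are constructed; the IBANs are the standard ISO example values.

```python
"""Added example, not the article's or Trustpair's code: a payment-release gate
that checks an invoice's bank account against the vendor master record and holds
any payment to a different account unless that change was confirmed by a
call-back to the phone number already on file. Vendors, invoices and IBANs are
constructed samples (the IBANs are the standard ISO example values)."""
import re
from dataclasses import dataclass, field


def canonical_iban(iban):
    """Strip spaces and upper-case so formatting differences never cause a mismatch."""
    return re.sub(r"\s+", "", iban).upper()


def iban_is_valid(iban):
    """ISO 13616 mod-97 check: rotate the first four characters to the end,
    map letters to 10..35 and require the resulting number to be 1 mod 97."""
    s = canonical_iban(iban)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", s):
        return False
    digits = "".join(str(int(ch, 36)) for ch in s[4:] + s[:4])
    return int(digits) % 97 == 1


@dataclass
class VendorRecord:
    name: str
    iban: str                  # account currently approved for payment
    phone_on_file: str         # captured at onboarding, never taken from an email
    change_log: list = field(default_factory=list)


@dataclass
class Invoice:
    vendor_name: str
    amount: float
    iban: str
    received_via: str          # "portal" or "email"


def record_account_change(vendor, new_iban, callback_confirmed):
    """Update the vendor master only when the change was confirmed by phoning
    the number on file; an email-only request never alters the record."""
    new_iban = canonical_iban(new_iban)
    if not callback_confirmed or not iban_is_valid(new_iban):
        vendor.change_log.append(("rejected", new_iban))
        return False
    vendor.change_log.append(("verified", new_iban))
    vendor.iban = new_iban
    return True


def check_payment(vendor, invoice):
    """Return ("release" | "hold", reasons) for one invoice."""
    reasons = []
    inv_iban = canonical_iban(invoice.iban)
    if not iban_is_valid(inv_iban):
        reasons.append("IBAN fails checksum")
    elif inv_iban != canonical_iban(vendor.iban):
        reasons.append("account differs from vendor master")
        if invoice.received_via == "email":
            reasons.append("change arrived by email; confirm via phone number on file")
    return ("hold" if reasons else "release", reasons)


def demo():
    """Walk one vendor through a genuine invoice, an unverified account change,
    the same change after a call-back, and an invoice with a corrupted IBAN."""
    vendor = VendorRecord("Acme Supplies", "GB82 WEST 1234 5698 7654 32", "+44 20 7946 0000")
    results = [check_payment(vendor, Invoice("Acme Supplies", 12000.0, "GB82WEST12345698765432", "portal"))]
    changed = Invoice("Acme Supplies", 12000.0, "DE89 3704 0044 0532 0130 00", "email")
    results.append(check_payment(vendor, changed))                 # held: new account
    record_account_change(vendor, changed.iban, callback_confirmed=False)
    results.append(check_payment(vendor, changed))                 # still held
    record_account_change(vendor, changed.iban, callback_confirmed=True)
    results.append(check_payment(vendor, changed))                 # released
    results.append(check_payment(vendor, Invoice("Acme Supplies", 500.0, "GB82WEST12345698765433", "email")))
    return results


if __name__ == "__main__":
    for decision, reasons in demo():
        print(decision, reasons)
```

The important design choice is that the gate never trusts the invoice to tell it where money should go: an account that differs from the master record is held until a person has confirmed the change using contact details that predate the request, which is exactly the out-of-band check the red-flags section recommends. The checksum test catches transcription errors and crudely altered account numbers but says nothing about who owns the account, so it is a precondition, not a substitute, for the master-record comparison.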

Recap

BEC cybersecurity attacks involve fraudsters gaining access to an email address or using a spoofed email to redirect funds or gain valuable information. Alarm bells should ring if the emails contain grammatical errors, unusual requests, and suspicious addresses. Companies should educate and train staff about BEC scams and use fraud detection software like Trustpair.

FAQ

Business email compromise (BEC) in cybersecurity is a fraud scheme where attackers use email account compromise or spoofing to impersonate trusted contacts. They often target a company’s finance department to authorize fraudulent wire transfers or gain access to sensitive data.

Between 2020 and 2021, reported BEC incidents in the UK totaled over 4,600 cases, resulting in approximately £138 million in losses, according to the National Economic Crime Centre.

Phishing is a broad cyber threat that uses suspicious emails or fake login pages to steal sensitive data.

Business email compromise (BEC) is more targeted. BEC attackers use social engineering tactics to trick employees into transferring money or sharing sensitive company data.

  • Phishing: mass emails with malicious links; steals login credentials or data.
  • Business Email Compromise (BEC): targeted email account compromise or domain spoofing; diverts financial transactions or tricks finance staff.

Preventing business email compromise attacks requires combining security awareness training with technical defenses. Companies should use multi-factor authentication, secure email gateways, and fraud prevention tools that monitor financial transactions and block fraudulent accounts.

Vendor email compromise is a type of BEC fraud where scammers impersonate a supplier’s legitimate email account. They send fake invoices or urgent payment requests, tricking businesses into sending money to the attacker’s account instead of the real vendor.
