What is Business Email Compromise (BEC)?

Business E-Mail Compromise is a fraud method that uses fake business e-mails to gain access to sensitive data or to initiate financial transactions, for example. Cybercriminals send emails that appear to come from employees, executives, or business partners and ask the recipient to carry out certain activities in their favor.

The abbreviation for Business E-Mail Compromise is BEC. An alternative term that is sometimes used is CEO fraud. Business E-Mail Compromise is a fraud method that uses spoofed e-mail or unauthorized access to business e-mail accounts. The cybercriminals send e-mails with business content that appear to come from executives, employees, partners, customers, or service providers. They ask the recipient to take certain actions in their favor. Since the e-mail recipient believes the message is authentic and actually comes from the specified sender, he or she reveals confidential or sensitive data or carries out a business transaction such as a money transfer to a given account. The fraudsters arrive at their criminal target with bogus business correspondence. Potential victims of business e-mail compromise can be companies, organizations or public institutions. BEC is an online threat with great potential for financial damage.

Process and types of business email compromise

In order to impersonate a specific email sender, the criminals use various methods. They use e-mail spoofing to fake identity, use a previously hijacked e-mail account to send messages or forge e-mail signatures. The cyber criminals obtained the information required for this through social engineering , spear phishing , malware or from publicly accessible sources of information and other methods. Authentic-looking e-mails are written on the basis of the inside information and known names of executives, customers, partners or employees. Business E-Mail Compromise is used in different variants. For example, the fake business emails come from:

• from a supplier requesting payment of an outstanding invoice
• by a member of management or the CEO asking an employee to make a payment or provide them with information
• from a customer of the company requesting a pending delivery
• by an employee of a company who sends fake invoices to customers
• by a lawyer or other specially authorized person who requests the disclosure of sensitive data

Typical identifying features of BEC

Typical distinguishing features of business e-mail compromise are:

• E-mail recipients are put under time pressure
• E-mail recipients are requested to maintain confidentiality
• In a departure from the usual processes, it is requested to carry out transactions, transfers, or the release of data
• the transfer account is located abroad
• the financial transaction cannot be precisely assigned to a company process
• the sender uses an unusual address or spelling
• there are spelling mistakes or grammatical errors in the message
• the sender e-mail address or the signature of the message shows slight differences
• the unusual number and date formats are used
• the reply address does not match the sender address

BEC protective measures

Customary protective measures such as searching for malicious file attachments or fraudulent sender addresses are usually ineffective in the case of business e-mail compromise. Rather, employees and managers must be made aware of this type of cyber threat. The typical characteristics of the BEC messages must be conveyed in training courses. A healthy mistrust in dealing with business emails that prompt certain transactions is recommended. If in doubt, it helps to reassure yourself by calling the sender of the message. In order to prevent misuse or the hijacking of business e-mail accounts , strong authentication procedures and multi-factor authentication should be used.