Business Email Compromise (BEC) – Definition and meaning

What is Business Email Compromise (BEC)? Find out more about Business Email Compromise (BEC) and how you can protect yourself from this scam.

What is Business Email Compromise (BEC)?

Business Email Compromise (BEC) is one of the most significant threats to businesses in the digital age. In this type of cyberattack, a company or organisation is targeted with fake emails sent under a fake identity. The aim is to steal sensitive information or manipulate financial transactions. As a rule, the attacker impersonates a person or department within the company as the sender.

How does a business email compromise work?

The process of a BEC attack is usually very sophisticated and takes place in several steps:

  1. Information gathering: Attackers collect information about the target company, often through social media or phishing emails.
  2. Fake communication: Using the information gathered, the attackers send emails written in the name of trusted individuals (such as executives or accountants).
  3. Financial transactions: The fake emails typically contain instructions to transfer money or to share sensitive information.
  4. Outcome: The recipients believe they are following instructions from a trusted person and carry them out, resulting in financial loss or data leakage.

Types of BEC attacks

There are several common types of business email compromise:

  • CEO Fraud: This is where the attacker poses as a CEO or high-ranking employee and requests an urgent transfer of funds.
  • Supplier fraud: Attackers pose as legitimate suppliers and request changes to account information.
  • Phishing attacks: Generic emails aimed at stealing login credentials from employees.

How can you protect yourself from BEC?

There are several precautions companies can take to protect themselves from Business Email Compromise:

  • Training: Employees should be regularly trained to recognise and report suspicious emails.
  • Multi-factor authentication: Implementing MFA provides additional protection even if credentials are stolen.
  • Verification: For large financial transactions, the request should always be confirmed by telephone.
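The attack steps above (impersonated sender, urgency, a payment or bank-detail request) and the precautions in this list can be turned into a simple check that flags messages for telephone verification. The following is an added, illustrative example written for this page; it is not code from the original article or from any product. The internal domain (northwind.example), the executive list and the three messages are constructed assumptions.

```python
"""Added example for this glossary entry: scoring an email for common BEC indicators.

Illustrative, defender-side code written for this page; it is not part of the
original article or of any product. The internal domain, the executive list and
the three sample messages are constructed assumptions.
"""
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "northwind.example"   # assumption: the organisation's own mail domain
EXECUTIVES = {"jane doe"}               # assumption: names attackers would impersonate (lower-case)

URGENCY = re.compile(r"\b(urgent|urgently|immediately|asap|right away|today)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice|bank details|account (number|information))\b", re.I)
BANK_CHANGE = re.compile(r"\b(new|changed|updated)\b[^.\n]{0,30}\b(bank|account|supplier|beneficiary)\b", re.I)


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def is_lookalike(domain: str) -> bool:
    """True when the domain resembles, but is not, the internal domain
    (for example 'n0rthwind.example' or 'northwind-payments.example')."""
    if not domain or domain == INTERNAL_DOMAIN:
        return False
    label = INTERNAL_DOMAIN.split(".")[0]
    similar = difflib.SequenceMatcher(None, domain, INTERNAL_DOMAIN).ratio() >= 0.8
    return similar or label in domain


def bec_indicators(raw_message: str) -> dict:
    """Return the individual BEC indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"

    return {
        # CEO fraud: a known executive's name on an address outside the company
        "executive_name_external": display_name.strip().lower() in EXECUTIVES
        and from_domain != INTERNAL_DOMAIN,
        # a lookalike of the company's own domain in the visible sender
        "lookalike_domain": is_lookalike(from_domain),
        # replies silently routed to a different domain than the visible sender
        "reply_to_mismatch": bool(reply_domain) and reply_domain != from_domain,
        # pressure to act before anyone can check
        "urgency": bool(URGENCY.search(text)),
        # the request concerns money
        "payment_request": bool(PAYMENT.search(text)),
        # supplier fraud: new or changed beneficiary details
        "bank_detail_change": bool(BANK_CHANGE.search(text)),
    }


def assess(raw_message: str) -> tuple[str, dict]:
    """Map the indicator count to a verdict: low (0), medium (1-2), high (3+).
    A 'high' verdict is a trigger for telephone verification, not an automatic block."""
    ind = bec_indicators(raw_message)
    score = sum(ind.values())
    verdict = "high" if score >= 3 else "medium" if score else "low"
    return verdict, ind


# Constructed sample messages (not real traffic).
BEC_MESSAGE = """\
From: Jane Doe <jane.doe@n0rthwind.example>
Reply-To: jane.doe@n0rthwind.example
To: accounts@northwind.example
Subject: Urgent wire transfer

Please transfer 48,000 EUR to our new supplier today. I am in a meeting and cannot take calls.
"""

SUPPLIER_MESSAGE = """\
From: Billing <billing@acme-supplies.example>
Reply-To: billing@acme-supplies-invoices.example
To: accounts@northwind.example
Subject: Updated bank details for invoice 1042

We have changed our bank account. Please send payment for invoice 1042 to the new account listed below.
"""

LEGITIMATE_MESSAGE = """\
From: Jane Doe <jane.doe@northwind.example>
To: accounts@northwind.example
Subject: Q3 figures

Hi, could you send me the Q3 figures when you have a moment? Thanks.
"""

if __name__ == "__main__":
    for label, raw in [("CEO fraud", BEC_MESSAGE), ("supplier fraud", SUPPLIER_MESSAGE), ("legitimate", LEGITIMATE_MESSAGE)]:
        verdict, indicators = assess(raw)
        print(f"{label}: {verdict} -> {[k for k, v in indicators.items() if v]}")
```

The CEO-fraud sample scores "high" on five indicators, the supplier-fraud sample on three (a changed beneficiary combined with a Reply-To pointing elsewhere), and the routine internal message scores "low". When a message is flagged, the telephone confirmation in the list above should use a number already held on file for that person or supplier, never one taken from the email itself.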

The role of "whaling" attacks in the context of BEC

"Whaling" is a form of BEC that targets executives or particularly valuable members of an organisation. In these attacks, the emails are tailored to the individual to increase the likelihood that the target will respond.

Illustrative example on the topic: Business Email Compromise

Imagine the following scenario: A medium-sized company receives an email purporting to be from the CFO. This email asks for an urgent bank transfer to a new supplier. The employee in the accounting department who receives the email recognises the sender's name and does not suspect a fraud attempt. After briefly checking the due date for payments, he carries out the transfer. Only later does it turn out that the email was fake, and the money cannot be recovered. This example shows how dangerous BEC can be and how important it is to review operating procedures and implement safeguards.

Conclusion

Business Email Compromise is a serious threat to businesses of all sizes. However, increased training and preventative security measures can significantly reduce the risk of a successful attack. Organisations should always be vigilant about suspicious emails and encourage employees to verify requests before acting on them.

Learn more about related topics such as cybersecurity and phishing for more information on security in the digital space.

Frequently asked questions

A Business Email Compromise (BEC) attack is characterised by the targeted deception of employees by attackers posing as trustworthy persons. Typical characteristics are fake emails that often request urgent financial transactions or the disclosure of sensitive information. The attackers use previously collected information about the company to increase the credibility of their messages. These attacks are often very sophisticated and can cause considerable financial damage.

To minimise the impact of a Business Email Compromise (BEC) attack, companies should implement comprehensive training programmes for their employees. These should aim to recognise suspicious emails and respond appropriately. In addition, the introduction of security measures such as multi-factor authentication and regular checks of financial transactions is crucial. A clear communication policy that requires verification of requests can also help to reduce risk.

Information gathering is a critical step in the process of a Business Email Compromise (BEC). Attackers use social media, public data and phishing techniques to gather targeted information about employees and company structures. This information allows them to create authentic-looking emails that increase the likelihood that recipients will respond to the fraudulent requests. A well-informed attacker can exploit the target's trust, which significantly increases the risk of a successful attack.

The most common forms of Business Email Compromise (BEC) attacks include CEO fraud, where attackers pose as executives to demand funds, and supplier fraud, where they pose as legitimate suppliers and request changes to account information. They also include general phishing attacks aimed at stealing employee credentials. Each of these methods has specific characteristics that allow attackers to target organisations and bypass their security measures.

Whaling is a specific form of Business Email Compromise (BEC) that targets high-ranking executives or particularly valuable members of a company. Unlike general BEC attacks, whaling attacks are often more personalised to increase the likelihood that the target will respond. These attacks use detailed information about the target and their role in the organisation to formulate particularly credible and urgent requests, which significantly increases the risk to the organisation.
