Browse Definitions :
Definition

business email compromise (BEC, man-in-the-email attack)

Contributor(s): Matthew Haughn

Business email compromise (BEC) is a security exploit in which the attacker targets an employee who has access to company funds and convinces the victim to tranfer money into a bank account controlled by the attacker.

According to the FBI's Internet Crime Report, BEC exploits were responsible for over $1.77 billion in losses in 2019. Business email compromise is one of the top cyberinsurance claims in 2020, and security vendor Proofpoint has warned businesses that BEC exploits are increasingly being tied to COVID-19. The most common victims of BEC are companies that use wire transfers to send money to international clients.

 

BEC exploits often begin with the attacker using a social engineering scam to trick a C-level target into downloading malware, clicking on an infected link or visiting a compromised website. Once the C-level manager's account has been compromised, it can be used to trick another employee into sending money to the attacker.

 

A popular BEC strategy is to send an official-looking email to someone in the company's finance department. Typically, such an email will say there is a time-sensitive, confidential matter that requires payment be made to a customer's, partner's or supply chain partner's bank account as soon as possible. The attacker hopes that the unsuspecting person in finance will think they are helping their company by facilitating a quick transfer of funds -- when in reality, they are sending money to the attacker's bank account.

There are numerous ways that BEC can be used to defraud targets. Here are a few examples:

  • A compromised employee account requests a change in payee information and transfers payments to the perpetrator’s account.
  • The attacker sends a bogus invoice to partner vendors in hopes they will pay the bill without questioning it.
  • An attorney’s email identity might be used to pressure the target for immediate payment.

Cybercriminals may further use a compromised account (especially those of HR employees) to gain more personally-identifiable information (PII) for later use in defrauding the company or its clients. Measures to prevent this type of financial fraud include employee education, conducing social engineering pen tests and adding a requirement that at least two employees sign approvals for payment change requests.

This was last updated in March 2020

Continue Reading About business email compromise (BEC, man-in-the-email attack)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance framework

    A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with...

SearchSecurity

  • Trojan horse (computing)

    In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, ...

  • identity theft

    Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable ...

  • DNS over HTTPS (DoH)

    DNS over HTTPS (DoH) is a relatively new protocol that encrypts domain name system traffic by passing DNS queries through a ...

SearchHealthIT

  • telemedicine (telehealth)

    Telemedicine is the remote delivery of healthcare services, such as health assessments or consultations, over the ...

  • Project Nightingale

    Project Nightingale is a controversial partnership between Google and Ascension, the second largest health system in the United ...

  • medical practice management (MPM) software

    Medical practice management (MPM) software is a collection of computerized services used by healthcare professionals and ...

SearchDisasterRecovery

SearchStorage

  • M.2 SSD

    An M.2 SSD is a solid-state drive (SSD) that conforms to a computer industry specification and is used in internally mounted ...

  • kilobyte (KB or Kbyte)

    A kilobyte (KB or Kbyte) is a unit of measurement for computer memory or data storage used by mathematics and computer science ...

  • virtual memory

    Virtual memory is a memory management capability of an operating system (OS) that uses hardware and software to allow a computer ...

Close