A business email compromise attack (BEC attack for short) is a form of cybercrime that utilises email fraud tactics. Victims of BEC attacks are varied and include government departments, charities and enterprises in both the industrial and commercial sectors.

While the specific aim of a BEC attack varies, every such attack is conducted to achieve a result that adversely affects its chosen victim.

How BEC attacks work

Business email compromise attacks will often start with a threat actor cunningly spoofing company email accounts, enabling them to impersonate members of a firm’s upper management, and in some cases even the CEO. The email address used appears legitimate. As a result, the message can bypass email security filters that normally block malicious messages from reaching personnel.

After getting past these security measures, the spoof email ends up in the intended recipient’s inbox. The message looks entirely legitimate, as do the requests it includes. The operator behind the BEC attack will commonly ask for a financial sum to be paid out to a nominated account.

As the message looks authentic and appears to originate from management, BEC victims feel comfortable complying with any request made. The BEC operator may ask the target to transfer funds directly or request that a cheque be deposited. The payment method asked for is informed by details gleaned about how the firm typically makes financial transactions, and the option insisted upon in BEC emails will match the company’s standard operating procedure. This tactic ensures that the recipient never becomes suspicious or raises an alarm.

In recent years, threat operators have moved beyond using BEC attacks purely for financial gain. Now, this cybercriminal activity is a common option for threat actors seeking to obtain personally identifiable information (PII) and employee credentials. The information obtained through BEC attacks is then used to penetrate an enterprise’s network even more deeply. As such, BEC attacks can be a prelude to a more serious threat such as a ransomware assault.

Can you avoid BEC attacks?

Businesses keen to protect their staff from BEC attacks can take specific steps. For example, they can set up a company domain and use it to establish dedicated email accounts for employees instead of making use of free options, which are far easier to spoof.
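As an added example (not code from Galaxkey or the original article), the Python below checks one message's headers and body for the pattern described in the two sections above: an executive's display name on an address that is not theirs, a free-mail sender domain, a Reply-To that quietly redirects replies elsewhere, and a payment request in the body. The executive list, free-mail list, keyword list and sample messages are assumptions constructed for the example.

```python
import email
from email.utils import parseaddr

# Assumed values for the example: display names of the executives most
# often impersonated, the mailboxes they really use, and free-mail domains.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
PAYMENT_WORDS = ("wire transfer", "transfer funds", "deposit", "urgent payment")


def bec_indicators(raw: str) -> list[str]:
    """Return the BEC indicators found in one plain-text RFC 5322 message."""
    msg = email.message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    findings = []
    # An executive's display name on an address that is not their real mailbox
    expected = EXECUTIVES.get(from_name.strip().lower())
    if expected and from_addr.lower() != expected:
        findings.append("executive name on foreign address")
    # Sender domain is a free-mail provider instead of the company domain
    if from_domain in FREE_MAIL:
        findings.append("free-mail sender domain")
    # Replies quietly routed to a mailbox other than the apparent sender
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.lower() != from_addr.lower():
        findings.append("reply-to differs from sender")
    # The request itself: a payment to be made
    body = "" if msg.is_multipart() else msg.get_payload().lower()
    if any(word in body for word in PAYMENT_WORDS):
        findings.append("payment request in body")
    return findings


# Constructed sample messages (not real traffic)
FREEMAIL_SPOOF = """From: Jane Doe <jane.doe.ceo@gmail.com>
To: accounts@example.com
Subject: Quick favour

Please process a wire transfer to the supplier account below today.
"""
REPLYTO_SPOOF = """From: Jane Doe <jane.doe@example.com>
Reply-To: Jane Doe <jd.private@outlook.com>
To: accounts@example.com
Subject: Urgent payment

I am in a meeting; please transfer funds to the new account and confirm by reply.
"""
LEGIT = """From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Board agenda

Please find attached the agenda for Monday's meeting.
"""
```

The second sample shows why a legitimate-looking From address alone is not enough: the spoofed message passes the executive check and is caught only by the Reply-To mismatch and the payment wording.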

All email accounts should be protected with multifactor authentication. This additional layer of email authentication asks for further information before granting access to an account, and may include PINs, passcodes, and even biometric data such as fingerprint scans and facial recognition.

Staff must also be instructed on how to respond to emails that they receive from suspicious senders. These messages should not be opened, and any attachments or links that are included must never be interacted with.

At Galaxkey, we can offer a wide range of email security tools for enterprises, including powerful encryption that keeps all data, whether stored in accounts or sent out to recipients, free from prying eyes. Contact our team today for more information and a free trial.