Business email compromise (BEC) is a form of phishing attack that is on the rise. The attacker gains access to a corporate email account, or simply creates an account with an email address very similar to one on the corporate network, and poses as the account's owner to defraud the company or its employees, customers or partners of money. BEC is a sophisticated form of phishing that has cost victims billions of dollars in fraud losses. BEC attacks are usually designed to impersonate senior executives of a particular firm with the sole intention of inflicting a negative impact, monetary or otherwise, on that
Business Email Compromise (BEC) on the rise
In the face of the coronavirus outbreak, the massive shift to remote working has dramatically expanded
the attack surface for BEC crime groups the world over. The repercussions, and the harrowing losses,
will be felt long after Work from Home mandates come to an end.
BEC is big business. In a recent survey from JPMorgan, 75% of US companies reported suffering direct
financial damage from such schemes in 2019. According to FBI statistics, that translated into more than
$26 billion in business losses worldwide since 2016—or $700 million each month.
How does BEC take place?
● Spoof an email account
An attacker begins a BEC attack by spoofing an email address. Attackers use slight variations on legitimate email accounts to trick victims into thinking the fake accounts are authentic, e.g. if we consider email@example.com to be an authentic email ID, a BEC attacker would change this email ID
● Spear-phishing emails
These emails pretend to come from legitimate business accounts and so easily deceive the receiver. Since the receivers are under the impression that the sender is a trusted source, they are easily manipulated and prone to divulging sensitive information. This gives the criminals access to the crucial data they need to carry out the BEC scheme.
● Use of malware
BEC attackers make extensive use of malicious software that can infiltrate company networks and harvest data about various financial dealings from legitimate email threads. This is then used to time payment requests so that employees in the finance department don't question them. Attackers also use malware to gain undetected access to vital personal data such as passwords and financial account information.
The kind of threat BEC poses
In its “Abnormal Quarterly BEC Report Q1 2020”, Abnormal Security reports that BEC attacks are becoming increasingly sophisticated, with attackers putting far more elaborate work into pulling off a BEC scheme. BEC attackers have also shifted their focus away from specific targets: executives are now less likely to be impersonated than employees in the finance department and external vendors, and cybercriminals have moved from targeting specific individuals to targeting groups. Although these attacks are more generalized and any single BEC campaign may well fail, the approach significantly increases the odds that at least one person will fall for the scam. As BEC attacks directed toward a single person decreased, campaigns using paycheck fraud also dropped, as these are typically targeted at individuals, while attacks using invoice fraud increased as BEC campaigners started impersonating vendors, suppliers or customers. Though BEC represents a small portion of all email attacks, according to the FBI, BEC accounted for half of all cybercrime-related losses in
Prevention of BEC attacks
● A cautious approach should be taken to the information we make public on the internet. It makes the work of a BEC attacker tougher if he has to engage longer to fork out
● It is best not to click any links asking you to update or verify account information
● It is advisable to carefully examine the sender's email address, since BEC attackers use slight variations to trick their targets
● A cautious approach should be followed when downloading anything; it is best not to download attachments received from someone unknown
● Multi-factor authentication on every account that allows it is a way to secure email accounts
● One must keep an eye out for out-of-domain impersonation techniques such as adding “s” to the end of a known domain, or adding “int” or “inc” at the end of a known domain to make it look
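One way to implement the sender-address check described above, as an added example that is not part of the original post or of Prime Infoserv's ETP product: it flags sender domains that are lookalikes of a trusted domain using the exact tricks named here (an appended "s", "int" or "inc") and, as a generalisation, a one-character typo such as a swapped letter. The trusted-domain list and the sample addresses are constructed for the example.

```python
# Added example (not from the original post): classify the domain in a From:
# header against a list of trusted domains. Suffix tricks ("s", "int", "inc")
# come straight from the prevention list; the edit-distance check is a
# generalisation covering one-character typos or substitutions.
from email.utils import parseaddr

# Constructed trusted-domain list (assumption for this example).
TRUSTED_DOMAINS = {"example.com", "prime-infoserv.com"}
SUSPICIOUS_SUFFIXES = ("s", "int", "inc")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(header_value: str) -> str:
    """Extract the lower-cased domain from a From: header value,
    e.g. 'CEO <ceo@examples.com>' -> 'examples.com'."""
    _, addr = parseaddr(header_value)
    return addr.rpartition("@")[2].lower()


def classify_sender(header_value: str, trusted=TRUSTED_DOMAINS):
    """Return (verdict, matched_trusted_domain). Verdicts are
    'trusted', 'suffix-lookalike', 'typo-lookalike' or 'unknown'."""
    domain = sender_domain(header_value)
    if domain in trusted:
        return "trusted", domain
    dname, _, dtld = domain.rpartition(".")  # split on the last dot
    for t in trusted:
        name, _, tld = t.rpartition(".")
        # Same TLD, registered name is the trusted name plus a known suffix.
        if dtld == tld and any(dname == name + s for s in SUSPICIOUS_SUFFIXES):
            return "suffix-lookalike", t
    for t in trusted:
        # One edit away from a trusted domain (e.g. examp1e.com).
        if levenshtein(domain, t) == 1:
            return "typo-lookalike", t
    return "unknown", ""
```

A mail gateway or SIEM rule would run classify_sender over the From: header (and, separately, the Reply-To: header) and route anything other than "trusted" or "unknown" for review.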
Prime Infoserv has helped many organizations prevent BEC through its Email Threat Protection (ETP) solution, which addresses name spoofing, targeted attacks and deceptive email addresses. Evaluations are authorized through Office 365 and require admin rights. Prime Infoserv does not access any credentials; the analysis runs on transient storage, which is destroyed after the report is generated. The service does not require the deployment of any software or hardware, and the evaluation typically takes 1-5 days, depending on the number of emails in the configured mailboxes. The evaluation is free of cost, with email updates at each step of the process. The assessment focuses mainly on malicious attachments and URLs linked to phishing sites.
This post was written by Prime Research Team