Business Email Compromise Attack

By Staff Contributor on December 18, 2020

Business email compromise is an increasingly common type of cyberattack and can have a disastrous impact on a business if successful. To fully understand how to prevent business email compromise, you should first know the business email compromise definition and the different types of business email compromise attack your business may encounter—all of which will be addressed in this guide.

This guide also recommends SolarWinds® Identity Monitor as the best SaaS software for mitigating the risk of business email compromise. Identity Monitor prevents account takeover by notifying you if your corporate credentials have been leaked, so you can take proactive steps to prevent business email compromise. You can check your corporate email account exposure for free with Identity Monitor by clicking here.

Business Email Compromise Definition

Business email compromise, also known as BEC, refers to an attack in which a cybercriminal gains access to one or more corporate email accounts. Once access has been obtained, the attacker then imitates the actual account owner’s identity, with the aim of defrauding the business and its staff, partners, or customers. In many cases, a cybercriminal will establish an email account using an address nearly identical to the one used by the corporate network.

BEC attacks are often perpetrated by criminal, transnational organizations, many of which employ linguists, hackers, social engineers, and lawyers to make their business email compromise attempts more sophisticated and successful. A BEC scam attack can manifest in multiple ways but, in most cases, cybercriminals will target staff members who have access to corporate finances. The attack will endeavor to trick these staff members into making a wire transfer of funds to a bank account they believe to be trusted (such as the CEO’s account), when in fact the funds are sent to the hacker.

Business Email Compromise Techniques

A BEC scam attack typically involves a cybercriminal assuming the identity of a trusted individual in a corporate environment, with the intention of convincing someone in the company to send funds to the criminal’s bank account. Most business email compromise victims are organizations that regularly make payments to international clients via wire transfers, because these companies are less likely to be suspicious of wire transfer requests.

Business email compromise attackers leverage different techniques to successfully deceive their victims, but a common attack route involves the cybercriminal accessing a corporate network through a combination of spear-phishing and malware. If undetected, the cybercriminal can take their time examining every aspect of an organization’s internal systems and information, including billing systems, correspondence habits between employees and executives, vendor details, and much more. These insights enable the attacker to launch a targeted and convincing business email compromise attack.

When appropriate—often when the staff member being impersonated is out of office—the cybercriminal will send out a fake email to someone with the power to make wire transfers. Usually, the attacker will request an immediate transfer of funds, perhaps to a trusted vendor. Because the employee who received the email believes the funds are being sent to a trusted account, they’re likely to make the transfer. In reality, the funds are deposited into an account owned by the criminal, or a group of criminals.

If the fraud isn’t noticed in a short amount of time, recovering the funds can be impossible. This is because laundering tactics can be used to move the stolen funds to alternative accounts.


Business Email Compromise Tactics

There are several business email compromise tactics regularly used by cybercriminals. Here are some of the most common techniques:

  1. Spoof Websites and Email Accounts

This simple but effective method of business email compromise involves attackers using an email address that closely resembles a legitimate and trusted email address to deceive victims into trusting fake accounts. For example, might become The very slight modification to the original email address may mean the fake email address does not arouse suspicion.

  1. Spear-Phishing

Spear-phishing is when a fake email the recipient believes is from a trusted source prompts the recipient to expose confidential data, which can then be used to exploit the company.

  1. Malware

Malware is leveraged to infiltrate business networks, with the aim of gaining access to a company’s internal systems and data. Often, this type of attack is used to view authentic email correspondence regarding company finances, so this information can be taken advantage of by the cybercriminals. Malware also allows cybercriminals to establish access to sensitive company data.

Types of Business Email Compromise

Most emails sent by cybercriminals will adhere to one of the following archetypes, which are identified by the FBI as the most common types of BEC attacks. Being aware of these types of business email compromise attacks can help you avoid them.

  1. 1. Fake Invoice

Organizations that use foreign suppliers and vendors are often the target of this tactic, which involves cybercriminals impersonating suppliers and requesting money transfers for payments. The money is sent to accounts owned by criminals.

  1. CEO Fraud

In this type of attack, cybercriminals pretend to be the CEO of the company, or a high-ranking executive, requesting money to an account owned by the criminal. This is a very effective type of BEC attack because employees will hesitate to risk questioning the legitimacy of their employer’s emails.

  1. Account Compromise

Account compromise entails an employee or executive’s email account being hacked and leveraged to request payments to suppliers included in their list of email contacts. Funds are ultimately sent to accounts owned by the fraudsters.

  1. Impersonating Attorneys

This type of business email compromise attack involves a cybercriminal impersonating a lawyer or attorney, often via email or over the phone. These attacks are usually launched at the end of the day, when victims are likely to be low-level staff members lacking the authority or knowledge to question the authenticity of the person establishing contact.

  1. Data Theft

Bookkeeping and HR staff members are targeted for these types of attacks, with the cybercriminals aiming to obtain sensitive or personal information about executives or employees. Acquired data may be leveraged in the future to facilitate further attacks.

The Importance of Business Email Compromise Prevention

Compromised business email can do serious damage to a company’s finances, reputation, and overall likelihood of success. Because of this, knowing how to prevent BEC scams is of critical importance.

How to Prevent Business Email Compromise

There are numerous ways to prevent business email compromise. This includes but is not limited to training staff to spot signs of business email compromise, payment verification, confirmation requests, and implementing intrusion detection system rules. Another key way of preventing BEC scams is to leverage tools designed to notify you if your corporate credentials have been compromised, so you can take action to prevent damage.

SolarWinds Identity Monitor can help you prevent business email compromise by giving you access to highly advanced utilities designed to help you stay one step ahead of cybercriminals. Identity Monitor features account takeover prevention capabilities, enabling you to add your email domains to a credential exposure watchlist, so you’re informed immediately if your details are leaked. You can even reset passwords instantly, before they can be misused. Identity Monitor also offers remediation advice and allows you to monitor IP addresses for malware.

Getting Started With Preventing BEC Attacks

Business email compromise, when successful, can cause potentially irreparable damage to your business. To protect your company’s data security, employees, and clients, we recommend implementing a tool that can continuously check for credential exposure.

For a taste of how SolarWinds Identity Monitor can help your company prevent business email compromise, check your corporate credential exposure for free here.

Related Posts