Scam Alert

Business Email Compromise

9 November, 2023

You probably remember at least one occasion when one of your employees received an email that was made to look like it came from you but was actually spam, or worse. It might have been crafted to hijack your customers or to block your operations. We hope you deleted it...

Business Email Compromise (BEC) is a common term for a phishing attack that can seriously impact any organization's operations. It refers to the receipt of illegitimate email(s) sent with the purpose of disrupting business operations. The most common forms of Business Email Compromise, all aimed at financial gain, are:

CEO Emails

These are generally tailored for financial gain, with the email purportedly coming from a trusted executive (the CEO or another senior figure) within the company. These emails prey on employees recognizing the familiar display name of someone, not realizing (or seeing) that the email address behind that display name is not legitimate. Requests for confidentiality and urgency are common characteristics of these emails. The result typically involves a single employee buying gift cards and sending the card details to the threat actor, or, in more serious cases, the Finance department wiring or transferring funds to an account controlled by the threat actor.


Account Compromise

This typically occurs when an employee's email account has been hacked (often as a result of a weak password on the account). The threat actor then uses access to this account to request payment from vendors to an account controlled by the threat actor.


Fake Invoices

Although these can occasionally accompany the account compromise described above, this form is better known for masquerading as a supplier and requesting that funds be transferred for invoices that are fake. The invoices, typically attached to these emails, are in HTML or other "non-standard" formats rather than PDF or Office documents.
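The two warning signs described above (an executive's display name in front of an outside address, and an invoice attached in HTML rather than PDF or an Office format) can both be checked mechanically before a message reaches an inbox. The following is an added example written for this alert, not code from the original article or from any product: a small triage routine using only Python's standard `email` library. The company domain `example.com`, the executive names and the three sample messages are constructed for the example.

```python
import os
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed values for this example (not from the original article)
COMPANY_DOMAIN = "example.com"
EXECUTIVES = ["Jane Doe", "John Smith"]
# Invoice formats a finance team would normally expect to receive
EXPECTED_INVOICE_TYPES = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def name_key(display_name):
    """Order- and case-insensitive key so 'Doe, Jane' and 'jane doe' compare equal."""
    return frozenset(display_name.lower().replace(",", " ").split())


EXEC_KEYS = {name_key(n) for n in EXECUTIVES}


def check_display_name(msg):
    """CEO-email pattern: the From display name is an executive's, but the
    address behind it is outside the company domain. Returns a finding or None."""
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if display and name_key(display) in EXEC_KEYS and domain != COMPANY_DOMAIN:
        return f"display name '{display}' matches an executive but sender is {addr}"
    return None


def check_invoice_attachments(msg):
    """Fake-invoice pattern: an invoice-themed message whose attachments are in
    HTML or another non-standard format rather than PDF/Office. Returns findings."""
    findings = []
    if "invoice" not in (msg.get("Subject") or "").lower():
        return findings
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        ext = os.path.splitext(filename)[1].lower()
        if ext not in EXPECTED_INVOICE_TYPES:
            findings.append(
                f"invoice attachment '{filename}' has non-standard type '{ext or 'none'}'"
            )
    return findings


def triage(raw_message):
    """Parse a raw RFC 5322 message and return the list of findings (empty = nothing flagged)."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    hit = check_display_name(msg)
    if hit:
        findings.append(hit)
    findings.extend(check_invoice_attachments(msg))
    return findings


# --- constructed sample messages -------------------------------------------
SAMPLE_CEO = """\
From: Jane Doe <jane.doe.ceo@mail-example.net>
To: staff@example.com
Subject: Urgent and confidential

Quick favour needed today, please keep this between us.
"""

SAMPLE_INVOICE = """\
From: Accounts Payable <billing@supplier-example.net>
To: ap@example.com
Subject: Invoice 1042 overdue
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice and settle by Friday.
--b1
Content-Type: text/html; name="invoice_1042.html"
Content-Disposition: attachment; filename="invoice_1042.html"

<html><body>(constructed placeholder invoice)</body></html>
--b1--
"""

SAMPLE_LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: staff@example.com
Subject: Q4 planning

Agenda for Thursday attached to the calendar invite.
"""

if __name__ == "__main__":
    for label, raw in [("ceo", SAMPLE_CEO), ("invoice", SAMPLE_INVOICE), ("legit", SAMPLE_LEGIT)]:
        print(label, triage(raw) or "no findings")
```

The display-name check compares on the parsed address, not on what the mail client shows, which is exactly the gap these emails exploit; the attachment check keys on the declared filename extension, so a mail gateway applying it should also inspect the actual content type, since the extension is under the sender's control.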

It would not be a stretch to say that the impact of a Business Email Compromise can be as large as you can imagine. Based on the above, the most common types of associated risk (in terms of the result of a BEC) are:

  • The loss of thousands, hundreds of thousands or millions of dollars from paying fake invoices or having data stolen/held for ransom;
  • The fracture of customer relationships and potential loss of trust due to an avoidable compromise that leads to customer data impacts;
  • The potential loss of trust from employees and identity theft, if data that was compromised or stolen is PII (Personally Identifiable Information);
  • The loss of IP (Intellectual Property) either by data being stolen, or, by accidental data leak due to trusting a threat actor that appeared legitimate.