
Protecting Against Business Email Compromise

Learn about Business Email Compromise and take the quiz to understand how to spot these tactics

Business Email Compromise (BEC) is a sophisticated fraud scheme used by criminal organizations that leverage social engineering techniques to trick employees into divulging sensitive company information or making payments based on fraudulent instructions. BEC is constantly evolving to bypass companies’ protections, making this type of fraud challenging to detect. Learn more about BEC and take the quiz to understand how to spot these tactics.

Common BEC Attacks

  • Fraudsters compromise an employee’s email account; often referred to as "email account takeover" or "hacking"
  • Fraudsters send a spoofed or masked email containing a forged email header that hides the true origination of a message; often referred to as "spoofing" or "masking"
  • Fraudsters purchase/register a domain closely resembling the legitimate company’s, then set up a related email account to target the victim company; often referred to as "lookalike domains"
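As an added example (not part of the original page), here is a defender-side check for the lookalike-domain tactic described above: it extracts the real sender domain from a From: header, normalises it, and compares it against a constructed list of trusted vendor domains, flagging near matches. The trusted list, the fold rules, the 0.85 threshold and the sample headers are all assumptions.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed sample: domains this firm legitimately exchanges payment email with.
TRUSTED_DOMAINS = {"examplevendor.com", "acme-title.com"}

# Defender-side normalisation: fold substitutions commonly seen in lookalike domains.
DIGIT_FOLD = str.maketrans("0135", "oles")
PAIR_FOLD = (("rn", "m"), ("vv", "w"))


def sender_domain(from_header: str) -> str:
    """Domain of the real address in a From: header, ignoring the display name."""
    m = re.search(r"<([^<>]+)>\s*$", from_header)
    addr = m.group(1) if m else from_header
    return addr.strip().rpartition("@")[2].lower()


def normalize(domain: str) -> str:
    """Strip accents (IDN homoglyphs) and fold character substitutions before comparing."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    for pair, repl in PAIR_FOLD:
        d = d.replace(pair, repl)
    return d.translate(DIGIT_FOLD)


def classify_sender(domain: str, trusted=TRUSTED_DOMAINS, threshold: float = 0.85) -> str:
    """'trusted' for an exact match, 'lookalike:<domain>' for a near match, else 'unknown'."""
    domain = domain.lower()
    if domain in trusted:
        return "trusted"
    best, score = None, 0.0
    for t in trusted:
        # Compare normalised forms so digit/letter swaps and accents do not hide the match.
        s = SequenceMatcher(None, normalize(domain), normalize(t)).ratio()
        if s > score:
            best, score = t, s
    return f"lookalike:{best}" if score >= threshold else "unknown"


def triage(from_header: str) -> str:
    """One-call check suitable for a mail-flow rule or SIEM enrichment."""
    return classify_sender(sender_domain(from_header))
```

A hit of the form `lookalike:<trusted domain>` is the signal to route the message for manual verification before any payment instruction in it is acted on.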
75% of organizations experienced business email compromise in 2019*
37% of organizations reported fraudsters accessing ACH credits in BEC in 2019*
$26B+ of organizations reported fraudsters using wires in BEC in 2019*

*Source: 2020 AFP Payments Fraud & Control Survey Report

Trending Scenarios

  • Real Estate Transactions: During a real estate transaction, criminals may impersonate sellers, realtors, title companies or law firms to trick the home buyer into transferring funds into a fraudulent account.
  • Data and W-2 Theft: Criminals use a spoofed or compromised executive email account to send fraudulent requests for W-2 information or other personally identifiable information to HR staff or others within the business who maintain confidential employee records.
  • Supply Chain: Criminals send fraudulent wire transfer requests to redirect funds during a pending business deal, transaction or invoice payment to an account controlled by organized crime groups.
  • Law Firms: Criminals discover information about pending litigation or trusts and impersonate a law firm’s client to change the recipient bank information to a fraudulent account.
  • School Construction: Criminals search the websites of public schools, colleges and universities that promote their construction projects then use that information to pose as the contractor or construction company to divert the funds to the scammer’s accounts.
  • Gift Cards: Criminals use a spoofed or compromised executive email account to send fraudulent requests for gift cards as holiday gifts or performance awards.

Why Do Attackers Use BEC?

Using these various methods makes BEC emails harder to detect, so information can be requested or fraudulent instructions provided without looking suspicious.

Employee Manipulation

  • Cybercriminal poses as company executive and emails finance person
  • Finance sends funds to cybercriminal’s account
  • Cybercriminal receives money

Account Manipulation

  • Compromised employee account is used to request payment
  • Recipients transfer payments to cybercriminal’s account
  • Cybercriminal receives money


Practices To Help Prevent BEC

  • Train employees on suspicious email trends
  • Enable controls so all emails from outside the firm are marked as external
  • Always verify any change to payment instructions no matter how it is sent or whether it passes all of the controls
  • Enable email controls:
    • SPF – Sender Policy Framework
    • DKIM – DomainKeys Identified Mail
    • DMARC – Domain-based Message Authentication, Reporting & Conformance
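An added example, not from the original page, showing what "enable email controls" looks like at the DNS policy level: it inspects a domain's SPF and DMARC TXT records for the weak settings that still let spoofed mail through, placing a weak configuration beside a hardened one (DKIM is verified per message rather than published as a policy, so it is not assessed here). The WEAK and HARDENED records, the domain names and the mailbox address are constructed for a hypothetical domain.

```python
# Constructed sample DNS TXT records for a hypothetical domain (no real lookups are made).
WEAK = {"spf": "v=spf1 +all", "dmarc": "v=DMARC1; p=none"}
HARDENED = {
    "spf": "v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example -all",
    "dmarc": "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.test",
}


def spf_findings(record: str) -> list:
    """Return weaknesses in an SPF TXT record; an empty list means it looks sound."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: no v=spf1 record; receivers cannot validate the envelope sender"]
    findings = []
    # The qualifier on the 'all' mechanism decides what happens to hosts not listed.
    alls = [t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"]
    qual = None if not alls else (alls[-1][0] if alls[-1][0] in "+-~?" else "+")
    if qual is None:
        findings.append("SPF: no 'all' term, so unlisted senders get a neutral result")
    elif qual in "+?":
        findings.append(f"SPF: '{qual}all' lets any host send as this domain")
    elif qual == "~":
        findings.append("SPF: '~all' is softfail only; enforcement depends on DMARC p=reject")
    return findings


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict keyed by lower-cased tag name."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def dmarc_findings(record: str) -> list:
    """Return weaknesses in a DMARC TXT record; an empty list means it looks sound."""
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC: no v=DMARC1 record; SPF/DKIM results are not enforced on the From: domain"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag; the record is not valid")
    elif policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed From: addresses are still delivered")
    elif policy == "quarantine":
        findings.append("DMARC: p=quarantine sends spoofed mail to spam instead of rejecting it")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so no aggregate reports of spoofing attempts")
    return findings


def assess(records: dict) -> list:
    return spf_findings(records["spf"]) + dmarc_findings(records["dmarc"])
```

Running `assess(WEAK)` lists the +all and p=none problems while `assess(HARDENED)` returns nothing, which is the state to aim for on every domain the firm sends mail from.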

Test Your Knowledge

The protections we have around BEC can be bypassed by fraudsters.

TRUE (correct)

FALSE (incorrect)

Fraudsters are constantly evolving their tactics.

SPF, DKIM, and DMARC are all email controls that may help to prevent BEC.

TRUE (correct)

FALSE (incorrect)

Even with these controls enabled, fraudsters may be able to send BEC.

The percentage of organizations experiencing BEC has risen to 75%.

TRUE (correct)

FALSE (incorrect)

BEC has risen from 64% in 2015 to 75% in 2019.

"Lookalike domains" refers to fraudsters purchasing/registering a domain closely resembling a legitimate company’s domain. They then set up a related email account to target the victim company.

TRUE (correct)

FALSE (incorrect)

Fraudsters can use email accounts with domains that resemble legitimate companies to fool victims into accepting the email as legitimate.

Fraudsters are able to take over email accounts, study how an accounts payable/receivable group communicates with vendors/customers, and send BEC emails as if they were a party in the email chain.

TRUE (correct)

FALSE (incorrect)

Fraudsters can use stolen credentials to take over email accounts.

Which of the following are examples of a fraudster using the BEC fraud scheme?

  • A fraudster impersonating a real estate seller to trick a home buyer into transferring funds into a fraudulent account
  • A fraudster impersonating a law firm’s client to change bank information to a fraudulent account
  • A fraudster sending a fraudulent wire transfer request to redirect funds, during a pending business deal, to an account controlled by organized crime groups
  • A fraudster impersonating a company executive to have an urgent wire sent for a secret deal
  • A fraudster impersonating a company executive to have gift cards purchased and provided to them under the guise of holiday gifts or bonuses
  • All of the above

What is an example of a practice to help prevent BEC?

  • Always verify any change to payment instructions no matter how it is sent
  • Delete emails
  • Click on all the links in an email for verification
  • Always trust every email that comes in; if it passes the company’s controls, it is always safe

Which type of fraud attempts continue to drive the majority of losses, with an increasing amount using ACH credits instead of wires?

  • Malware
  • Social Engineering
  • Business Email Compromise
  • Block Chains