Business Email Compromise (BEC)
What it is: A sophisticated form of cybercrime where attackers impersonate high-level company executives (e.g., CEO, CFO) or trusted vendors via email to deceive employees into performing unauthorized actions, typically involving the transfer of funds or the disclosure of sensitive information. Unlike traditional phishing, BEC attacks often involve highly targeted and well-researched campaigns, sometimes without the use of malware.
How it works: Attackers often conduct extensive reconnaissance on their targets, gathering information about organizational structures, key personnel, and business processes (e.g., invoice payment procedures, vendor relationships). They then craft highly convincing emails, often using spoofed email addresses (with subtle variations of legitimate domains) or compromised legitimate accounts. These emails typically convey a sense of urgency or authority, instructing employees to perform wire transfers to fraudulent accounts or to provide confidential data. Variations include vendor email compromise (VEC), where attackers impersonate vendors to intercept payments.
Example with key data: In 2016, Ubiquiti Networks, a global networking company, fell victim to a BEC attack that resulted in a loss of $46.7 million. The attackers impersonated executives through carefully crafted emails targeting the company’s finance department. These emails instructed employees to wire funds to fraudulent bank accounts under the guise of legitimate acquisition-related payments. The key data point is the size of the loss: it came from manipulating internal financial processes through social engineering and email impersonation, which shows the significant financial risk that BEC attacks carry.
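The "How it works" description mentions sender addresses that are subtle variations of legitimate domains and emails that impersonate executives. The following Python code is an added example, not part of the original page, showing how a mail filter could flag both signals from a message's From header; the trusted domains, executive names and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example: replace with your own domains and names.
TRUSTED_DOMAINS = {"example.com", "vendor-example.net"}
EXECUTIVE_NAMES = {"jane doe", "john smith"}
# Common visual substitutions seen in lookalike domains (not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(domain):
    """Fold visually confusable characters so 'examp1e' and 'exarnple' match 'example'."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= 2:
            return trusted
    return None

def bec_indicators(raw_message):
    """Return the BEC indicators found in one raw RFC 5322 message."""
    name, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    findings = []
    target = lookalike_of(from_dom)
    if target:
        findings.append(f"lookalike-domain:{from_dom}~{target}")
    if name.strip().lower() in EXECUTIVE_NAMES and from_dom not in TRUSTED_DOMAINS:
        findings.append(f"executive-name-from-external:{from_dom}")
    return findings

# Constructed sample messages, not real traffic.
SAMPLE_SPOOF = "From: Jane Doe <jane.doe@examp1e.com>\nSubject: Urgent wire transfer\n\nPlease process today.\n"
SAMPLE_LEGIT = "From: Jane Doe <jane.doe@example.com>\nSubject: Q3 forecast\n\nAttached.\n"
if __name__ == "__main__":
    print(bec_indicators(SAMPLE_SPOOF))
```

A check like this only covers spoofed or lookalike senders; mail sent from a compromised legitimate account passes it, so payment-change requests still need out-of-band verification.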