Business Email Compromise (BEC)

What Is Business Email Compromise (BEC)?

Business Email Compromise (BEC) is a type of cybercrime in which attackers use social engineering techniques to gain access to a company's email accounts and use them to commit fraud. BEC attacks are typically targeted at businesses and organizations, and can result in significant financial losses. BEC attacks are often conducted by sophisticated criminal organizations, and can be difficult to detect and prevent.

Description

BEC attacks typically involve the attacker gaining access to a company's email accounts, either through phishing or other means, and then using those accounts to send fraudulent emails to employees, customers, or partners. These emails may appear to be from a legitimate source, such as a senior executive or a trusted partner, and may request that the recipient take some action, such as transferring funds or providing sensitive information. BEC attacks can be highly targeted and sophisticated, making them difficult to detect.

Usage and Examples

BEC attacks are commonly used to commit financial fraud, such as by requesting that an employee transfer funds to a fraudulent bank account. They can also be used to steal sensitive information, such as login credentials or financial data. Examples of BEC attacks include the CEO fraud, in which an attacker impersonates a senior executive and requests that an employee transfer funds to a fraudulent bank account.