
Business Email Compromise (BEC)
Business email compromise (BEC) is a form of targeted phishing, or spear phishing. Criminals target organisations and try to scam them out of money or goods. They also target employees and try to trick them into revealing important business information.
Criminals send emails in which they pretend to be business representatives. They also send emails from the compromised email accounts of employees.
Maybe a friend, colleague, or service provider has received a suspicious email from ‘you’, but you didn’t send it. The email may request payment for an invoice or ask to change bank account details.
Alternatively, maybe you noticed you are receiving unusual emails in your own email account. They may be about suspicious login activity or unexpected password resets. You might have also noticed emails have been deleted or moved to different folders. These could be indicators of BEC.
Business email compromise is when malicious actors use email to abuse trust in business processes to scam organisations out of money or goods. Malicious actors can impersonate business representatives by using names, domains and/or logos similar to those of a legitimate organisation, or by using compromised email accounts and pretending to be a trusted co-worker.
Common scams associated with business email compromise include:
- Invoice fraud: Malicious actors compromise a vendor’s email account and, through it, gain access to legitimate invoices. The malicious actors then edit the contact and bank details on those invoices and send them to customers from the compromised email account. The customer pays the invoice, thinking they are paying the vendor, but instead sends the money to the malicious actors’ bank account.
- Employee impersonation: Malicious actors compromise a work email account and impersonate a co-worker via email. Malicious actors can use this identity to commit fraud in a number of ways. One common method is to impersonate a person in power (such as a chief executive officer or chief financial officer) and have a false invoice raised. Another method is to request a change to a worker’s banking details. The funds from the false invoice, or the worker’s salary, are then sent to the malicious actors’ bank account.
- Company impersonation: Malicious actors register a domain with a name very similar to that of a large, known and trusted organisation. Malicious actors then impersonate the organisation in an email to a vendor and request a quote for a quantity of expensive goods, such as laptops. Malicious actors negotiate for the goods to be delivered prior to payment. The goods are delivered to a location the malicious actors specify; the invoice, however, is sent to the legitimate organisation, which never ordered or received the goods.
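The lookalike domains and bank-detail changes described in the scams above can be screened for automatically before an invoice or quote reaches accounts payable. The following Python script is an added example and is not code from the original page or from any organisation it describes; the trusted vendor domains, the sample emails and the homoglyph table are all constructed for illustration. It folds common character substitutions (bigc0rp for bigcorp), compares the sender's domain against a list of known vendor domains by edit distance, TLD swap and added tokens (bigcorp-secure.com), and separately flags messages that announce new or changed bank details.

```python
import re

# Constructed sample: the domains your organisation already pays invoices to.
TRUSTED_DOMAINS = {"example-supplier.com", "bigcorp.com"}

# Character substitutions commonly used to build visually similar domains.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
              "rn": "m", "vv": "w", "cl": "d"}

# Constructed pattern for "we have updated our bank details"-style wording.
BANK_CHANGE = re.compile(
    r"\b(new|updated?|changed?)\b.{0,40}\b(bank|account|bsb|iban|swift|payment details)\b",
    re.IGNORECASE | re.DOTALL)


def normalise(label: str) -> str:
    """Fold homoglyph substitutions so 'bigc0rp' compares equal to 'bigcorp'."""
    label = label.lower()
    for glyph, real in HOMOGLYPHS.items():
        label = label.replace(glyph, real)
    return label


def registrable_parts(domain: str):
    """Split 'mail.bigcorp.com' into its second-level label and TLD."""
    parts = domain.lower().strip().split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(sender_domain: str):
    """Return the trusted domain this sender domain imitates, or None.

    Exact matches and genuine subdomains of a trusted domain are accepted.
    Anything else is flagged when, after homoglyph folding, its second-level
    label equals a trusted label (TLD swap), is within one edit of it, or
    carries it as an extra hyphenated token (bigcorp-secure.com).
    """
    sender_domain = sender_domain.lower().strip()
    if sender_domain in TRUSTED_DOMAINS:
        return None
    if any(sender_domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return None
    s_label, _ = registrable_parts(sender_domain)
    s_norm = normalise(s_label)
    for trusted in TRUSTED_DOMAINS:
        t_label, _ = registrable_parts(trusted)
        t_norm = normalise(t_label)
        if s_norm == t_norm or levenshtein(s_norm, t_norm) <= 1:
            return trusted
        if t_norm in s_norm.split("-"):
            return trusted
    return None


def assess_email(sender: str, subject: str, body: str) -> dict:
    """Combine the domain check and the bank-change check into a risk rating."""
    domain = sender.rsplit("@", 1)[-1].strip(">")
    impersonated = lookalike_of(domain)
    bank_change = BANK_CHANGE.search(f"{subject} {body}") is not None
    if impersonated and bank_change:
        risk = "high"        # lookalike sender asking to redirect payments
    elif impersonated or bank_change:
        risk = "medium"      # either signal alone still needs a callback
    else:
        risk = "low"
    return {"sender_domain": domain, "impersonates": impersonated,
            "bank_change": bank_change, "risk": risk}


# Constructed sample messages, not real mail.
SAMPLE_EMAILS = [
    ("accounts@bigc0rp.com", "Invoice 2291",
     "Please note our updated bank account details for future payments."),
    ("ap@example-supplier.com", "Invoice INV-1042",
     "Invoice attached, payable to the account on file."),
    ("procurement@bigcorp.co", "Quote request",
     "Please quote 40 laptops; we require delivery before payment."),
]

if __name__ == "__main__":
    for sender, subject, body in SAMPLE_EMAILS:
        print(assess_email(sender, subject, body))
```

A message from a genuinely trusted domain that announces new bank details still rates medium, because in the invoice-fraud case the vendor's real account has been compromised and no domain check will catch it; the control there is a callback to a phone number already on file, never one taken from the email itself. Nothing in this screen replaces that step.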
Protect your organisation:
- Be vigilant against phishing
- Use multi-factor authentication
- Have protective business processes in place
- Implement the Essential 8