Business email compromise (BEC) occurs when a criminal accesses a work email account in order to trick someone into transferring money, or to steal valuable (or sensitive) data.
In a typical BEC attack, the victim (who believes they are responding to a legitimate request) is coerced into transferring money into an account controlled by the criminal. For this reason, BEC attacks are often directed at senior staff, or those who can authorise financial transactions.
BEC is usually conducted by a targeted phishing email. Unlike standard phishing emails (which are sent indiscriminately to millions of users), BEC emails are tailored to individuals within organisations. The email might impersonate someone the victim already corresponds with regularly, or even include the text from an existing email thread, so the victim believes they’re dealing with a legitimate correspondence. Since these phishing emails often target a ‘big fish’ (often a board member or an employee with access to valuable assets), this type of cyber-attack is also known as whaling.
Since BEC emails are normally sent in low volume, standard email filters (designed to identify ‘scam emails’) may struggle to detect them, especially if they come from a legitimate email account that has already been hacked. Alternatively, a BEC email may have been sent from a ‘spoofed’ domain, designed to trick recipients into believing they are dealing with a legitimate organisation. Some BEC emails may contain viruses disguised as invoices, which are activated when opened.
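As an added example (not part of the original text), the following Python check illustrates one defender-side control for the ‘spoofed domain’ case described above: it compares the sender's domain against a list of domains the organisation legitimately corresponds with, flags near-matches built from character substitutions (a digit ‘1’ for ‘l’, ‘rn’ for ‘m’), and flags a Reply-To that points somewhere other than the apparent sender. The trusted-domain list and the sample message headers are constructed for illustration.

```python
"""Flag lookalike sender domains and Reply-To mismatches in email headers.

Added example for illustration; the trusted domains and sample headers
below are constructed, not taken from any real organisation.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed list of domains this organisation legitimately corresponds with.
TRUSTED_DOMAINS = {"example.com", "supplier-example.co.uk"}

# Single-character substitutions commonly used to build visually similar domains.
HOMOGLYPHS = str.maketrans("0135", "olse")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (classic dynamic-programming form)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def normalise(domain: str) -> str:
    """Lower-case a domain and undo common look-alike substitutions."""
    d = domain.lower().translate(HOMOGLYPHS)
    return d.replace("rn", "m").replace("vv", "w")


def sender_domain(header_value: str) -> str:
    """Extract the domain part of an address header such as 'Name <user@host>'."""
    _, addr = parseaddr(header_value)
    return addr.rpartition("@")[2].lower()


def assess(raw_message: str) -> dict:
    """Return the sender/Reply-To domains and any spoofing indicators found."""
    msg = message_from_string(raw_message)
    from_dom = sender_domain(msg.get("From", ""))
    reply_to = msg.get("Reply-To")
    reply_dom = sender_domain(reply_to) if reply_to else from_dom
    findings = []

    if from_dom not in TRUSTED_DOMAINS:
        # Not an exact trusted match: look for a domain within one edit of a
        # trusted one after undoing homoglyph substitutions.
        norm = normalise(from_dom)
        for trusted in TRUSTED_DOMAINS:
            if levenshtein(norm, normalise(trusted)) <= 1:
                findings.append(
                    f"sender domain {from_dom!r} resembles trusted domain {trusted!r}")

    if reply_dom != from_dom:
        # Replies would go to a different domain than the apparent sender.
        findings.append(
            f"Reply-To domain {reply_dom!r} differs from sender domain {from_dom!r}")

    return {
        "from_domain": from_dom,
        "reply_to_domain": reply_dom,
        "findings": findings,
        "suspicious": bool(findings),
    }


# Constructed sample headers for the three cases discussed in the text.
SAMPLES = {
    "legit": "From: Finance <finance@example.com>\nSubject: Invoice 0042\n\nbody\n",
    "lookalike": "From: Finance <finance@exarnple.com>\nSubject: Urgent payment\n\nbody\n",
    "reply_to": ("From: Chief Executive <ceo@example.com>\n"
                 "Reply-To: ceo@mail-example.net\nSubject: Quick favour\n\nbody\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        result = assess(raw)
        print(f"{name:10} suspicious={result['suspicious']} {result['findings']}")
```

This check only covers the spoofed-domain case. When the message comes from a genuine account that has already been compromised, the sender domain is exactly the trusted one and no header check will flag it; that case falls back on process controls such as independent verification of payment requests.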