Business email compromise

From Wikipedia, the free encyclopedia

Business email compromise (BEC) attacks are a form of cyber crime that uses email fraud to attack commercial, government and non-profit organizations to achieve a specific outcome which negatively impacts the target organization. Examples of common BEC attacks include invoice scams and spear phishing spoof attacks which are designed to gather data for other criminal activities. Consumer privacy breaches often occur as a result of a BEC attack.

Typically an attack targets specific employee roles within an organization by sending a spoof email (or series of spoof emails) which fraudulently represents a senior colleague (CEO or similar) or a trusted customer.[1] The email will issue instructions such as approving payments or releasing client data. The emails often use social engineering to trick the victim into making money transfers to the bank accounts of the fraudster.
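
The traits described above (a sender presented as a senior colleague, combined with an instruction to pay or release data) can be checked mechanically on inbound mail. The following Python code is an added example, not part of the original article or its sources; the organization domain, executive name, keyword list and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; replace with your own organization's data.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}  # display names of senior staff, lowercased
REQUEST_TERMS = ("wire transfer", "payment", "invoice", "bank account", "client data")

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def bec_indicators(raw):
    """Return the BEC indicators present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)
    found = []
    # Display name matches a senior colleague but the address is external.
    if " ".join(name.lower().split()) in EXECUTIVES and from_dom != ORG_DOMAIN:
        found.append("executive-name-external-address")
    # Replies would go to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != from_dom:
        found.append("reply-to-domain-mismatch")
    # The text asks for a payment or a data release.
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    text = " ".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                    for p in parts).lower()
    if any(term in text for term in REQUEST_TERMS):
        found.append("payment-or-data-request")
    return found

def should_hold(raw):
    """Hold for manual verification: identity anomaly plus a sensitive request."""
    found = bec_indicators(raw)
    return "payment-or-data-request" in found and len(found) >= 2

# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "Jane Doe" <jane.doe@examp1e-mail.test>\n'
    "Reply-To: accounts@payments-desk.test\n"
    "Subject: Urgent request\n\n"
    "Please approve the wire transfer to the new bank account today.\n"
)
LEGITIMATE = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Subject: Invoice question\n\n"
    "Can you resend last month's invoice?\n"
)
```

The legitimate sample still mentions an invoice, which is why `should_hold` requires a sender-identity anomaly in addition to the request keyword before holding a message.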

The worldwide financial impact is large, with the US's FBI in 2017 reporting losses "totaling over $3 billion."[2]

From 2016 to 2018, BEC made over $5 billion. By 2020 there are expected to be 20 billion connected IoT devices, making it easier for adversaries to successfully carry out ransomware attacks, including BEC.[3]


See also


  1. Joan Goodchild (20 June 2018). "How to Recognize a Business Email Compromise Attack". Security Intelligence. Retrieved 11 March 2019.
  2. "Business E-Mail Compromise". FBI. Retrieved 20 December 2018.
  3. Uzialko, Adam (June 14, 2018). "19 Small Business Trends and Predictions for 2018" (PDF). Business News Daily. Retrieved February 24, 2019.
  4.
  5. "Austria's FACC, hit by cyber fraud, fires CEO". Reuters. 26 May 2016. Retrieved 20 December 2018.
  6. "Te Wananga o Aotearoa caught up in $120k financial scam". NZ Herald. Retrieved 20 December 2018.
  7. "Fire Service scammed out of $52,000". RNZ News. 23 December 2015. Retrieved 20 December 2018.
  8. Hackett, Robert (August 10, 2015). "Fraudsters duped this company into handing over $40 million". Fortune magazine. Retrieved 20 December 2018.
  9. Wallack, Todd (13 December 2018). "Hackers fooled Save the Children into sending $1 million to a phony account". The Boston Globe. Retrieved 20 December 2018.
  10. Powell, Dominic (27 November 2018). "Business loses $300,000 to 'spoofed' email scam: How to protect yourself from being impersonated". Smart Company. Retrieved 14 December 2018.