Extract from BIA’s article “Business Email Compromise (BEC) Attacks: What You Should Know”
Is your organization ready to combat Business Email Compromise (BEC) attacks?
Business Email Compromise (BEC) attacks are a type of phishing attack in which cybercriminals send emails to targeted personnel posing as fellow employees, managers, retirees, or contractors, in an attempt to establish a trusted relationship or take advantage of one that already exists. Once the attackers make a connection, they exploit that trust to extract sensitive financial information, re-route vendor payments, redirect payroll direct deposits to an account they control, and carry out other such fraud. Unlike most phishing, a BEC message usually carries no malware or malicious link, so it often passes technical filters unchallenged; the message itself is the attack, which is why verifying any change to payment details through a separately known phone number or channel is the single most effective control. If the attackers can compromise the email account of someone within the organization, gaining access to their business contacts and other sensitive data, they use those resources to launch additional attacks against the company, its customers, or its business partners.
Business email compromise attacks affect commercial and governmental entities as well as non-profits. In December 2020, for example, hackers targeted and compromised the affordable housing organization One Treasure Island through a third-party bookkeeper. They inserted themselves into an email chain, pretended to be associated with the non-profit, and within a month siphoned $650,000 from the organization.
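The impersonation described above (a real employee's display name on an outside address, a lookalike of the organization's domain, a Reply-To that quietly moves the conversation elsewhere, and a request to change where money goes) leaves traces in the message headers that a mail gateway or a SOC script can check before a human ever reads the message. The following Python is an added example, not code from BIA or from the article; the organization domain `example.org`, the `DIRECTORY` of employees, the homoglyph table and the three sample messages are all constructed for illustration, and the keyword test is a deliberately simple heuristic. It assumes only the Python standard library.

```python
"""Header-level checks for BEC-style impersonation (added example, not BIA's code)."""
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical organization and internal directory (constructed sample data).
ORG_DOMAIN = "example.org"
DIRECTORY = {
    "Dana Reyes": "dana.reyes@example.org",
    "Sam Okafor": "sam.okafor@example.org",
}

# Character substitutions commonly used to build lookalike domains.
_HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("cl", "d")]

# Phrases tied to the attacker goals named in the article (payment re-routing,
# payroll direct deposit changes). Substring matching is crude: "wire" will
# also match "wireless", so treat hits as a signal to combine, not a verdict.
_PAYMENT_PHRASES = ("wire", "bank details", "direct deposit", "updated account")


def _normalize(domain: str) -> str:
    """Collapse common homoglyph tricks so 'exarnple.org' reads as 'example.org'."""
    d = domain.lower()
    for glyph, real in _HOMOGLYPHS:
        d = d.replace(glyph, real)
    return d


def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; domains are short so O(n*m) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, org_domain: str = ORG_DOMAIN) -> bool:
    """True when domain is not the org domain but is one glyph swap or edit away."""
    if domain.lower() == org_domain.lower():
        return False
    n, o = _normalize(domain), _normalize(org_domain)
    return n == o or _edit_distance(n, o) <= 1


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze(raw: str, org_domain: str = ORG_DOMAIN, directory: dict = DIRECTORY) -> list:
    """Return a list of human-readable findings for one RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)

    # 1. A known employee's display name on an address that is not theirs.
    if name in directory and addr.lower() != directory[name].lower():
        findings.append(f"display-name impersonation: '{name}' from {addr}")

    # 2. Sending domain that imitates the organization's own.
    if from_dom and is_lookalike(from_dom, org_domain):
        findings.append(f"lookalike domain: {from_dom}")

    # 3. Replies silently redirected to a different domain than the sender's.
    for _, reply_to in getaddresses(msg.get_all("Reply-To", [])):
        if reply_to and _domain(reply_to) != from_dom:
            findings.append(f"reply-to mismatch: {reply_to}")

    # 4. Language asking to change where money is sent.
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    if any(phrase in text for phrase in _PAYMENT_PHRASES):
        findings.append("payment/banking change request")
    return findings


# Constructed sample: executive's display name on a webmail address, replies
# routed to a third domain, and a request to use new bank details.
SAMPLE_IMPERSONATION = """\
From: Dana Reyes <dana.reyes.ceo@gmail.com>
Reply-To: accounts@example-invoices.net
To: sam.okafor@example.org
Subject: Updated account for this month's vendor payment

Sam, please use the new bank details attached before Friday. Dana
"""

# Constructed sample: ordinary internal mail that should produce no findings.
SAMPLE_CLEAN = """\
From: Dana Reyes <dana.reyes@example.org>
To: sam.okafor@example.org
Subject: Lunch next week

Free Tuesday?
"""

# Constructed sample: 'rn' standing in for 'm' in the sending domain.
SAMPLE_LOOKALIKE = """\
From: Sam Okafor <sam.okafor@exarnple.org>
To: dana.reyes@example.org
Subject: Quick question

Can you confirm the vendor list is current?
"""

if __name__ == "__main__":
    for label, sample in (("impersonation", SAMPLE_IMPERSONATION),
                          ("clean", SAMPLE_CLEAN),
                          ("lookalike", SAMPLE_LOOKALIKE)):
        print(label, "->", analyze(sample) or ["no findings"])
```

These checks complement, rather than replace, SPF, DKIM and DMARC enforcement: an attacker who has already taken over a genuine mailbox, as in the One Treasure Island case, passes every domain check, which is why the payment-change finding and an out-of-band callback policy matter even when the headers look legitimate.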
BEC attacks are only increasing in frequency and complexity as attackers expand their strategies to exploit the remote work tools and platforms now common in businesses. Given that the number of attacks and the amount of money stolen continue to rise, it is more critical than ever that organizations adopt plans, policies, and training to combat such attacks.