ELI5: What is Business Email Compromise?

A bad guy pretends to be your boss in an email and asks you to send money or secret information. It is like getting a note that looks like it is from your teacher but was actually written by a bully.

Definition

Business Email Compromise (BEC) is a sophisticated social engineering attack in which attackers impersonate executives, vendors, or trusted business partners via email to manipulate employees into transferring funds, sharing sensitive data, or changing payment instructions. BEC is one of the highest-dollar cybercrime categories tracked by the FBI and typically involves either compromising a legitimate email account or spoofing one convincingly.

Key Details

  • Common scenarios: CEO fraud (a request for a wire transfer), invoice fraud, W-2 data theft
  • Attackers often conduct reconnaissance on the organization before crafting convincing messages
  • Technical controls include DMARC, DKIM, SPF, and email gateway impersonation detection
  • Employee training is critical — users are the last line of defense against well-crafted BEC
  • FBI IC3 reports BEC losses in the billions annually; organizations should have multi-person approval for large transfers
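
A minimal heuristic of the kind an email gateway's impersonation detection applies to inbound mail, added here as an illustration (not code from this page or any product): it flags an executive's display name on an external address, a lookalike of the organisation's domain, and a Reply-To that redirects an internal-looking message outside. The domain example.com, the executive list and the sample headers are constructed placeholders.

```python
"""Heuristic BEC impersonation check over mail headers (added example).

Assumes the organisation's domain is example.com; the executive list and
all sample headers are constructed placeholders, not real data.
"""
from email.utils import parseaddr
from typing import Optional

ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # display name -> real mailbox


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs are short, so O(n*m) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, reply_to: Optional[str] = None) -> str:
    """Return a label for the strongest BEC signal in a From/Reply-To pair."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    # 1. Executive display name on an external mailbox: classic CEO-fraud pattern.
    if name.strip().lower() in EXECUTIVES and domain != ORG_DOMAIN:
        return "exec-name-external-address"
    # 2. Lookalike domain: within two edits of ours (e.g. exarnple.com, example.co).
    if domain != ORG_DOMAIN and 0 < _edit_distance(domain, ORG_DOMAIN) <= 2:
        return "lookalike-domain"
    # 3. From looks internal but replies are routed to an outside mailbox.
    if reply_to:
        _, rt_addr = parseaddr(reply_to)
        if domain == ORG_DOMAIN and rt_addr.rpartition("@")[2].lower() != ORG_DOMAIN:
            return "reply-to-redirect"
    return "no-impersonation-signal"


if __name__ == "__main__":
    # Constructed sample headers exercising each rule.
    for hdr, rt in [("Jane Doe <ceo.urgent@gmail.com>", None),
                    ("Accounts Payable <ap@exarnple.com>", None),
                    ("Jane Doe <jane.doe@example.com>", "jane.doe@outlook.com"),
                    ("Jane Doe <jane.doe@example.com>", None)]:
        print(f"{hdr!r:45} -> {classify_sender(hdr, rt)}")
```

Real gateways layer these heuristics on top of SPF, DKIM and DMARC results; a lookalike domain can pass all three, which is why display-name and Reply-To checks matter alongside the authentication protocols.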

Connections