What is a ‘Business Email Compromise’ BEC attack?

This article will cover everything you need to know about a specific form of phishing: Business Email Compromise (BEC):

  • What is BEC?
  • Who is targeted by BEC?
  • What is the impact of a BEC attack?
  • How to prevent BEC?


What is Business Email Compromise and who gets targeted?

Business Email Compromise (BEC), also referred to as a ‘Man in the email’ or ‘Man in the middle’ attack, is a specific form of phishing in which cyber criminals spoof the email address of an organization’s executive (usually a C-level executive) to defraud the organization’s employees, partners and other contacts.

Cyber criminals spoof the email address of an organization’s executive to make the email more credible. The attack is usually aimed at specific individuals in order to obtain money or confidential information. The payment method requested is usually a wire transfer, but check payments can also be requested.

An example of Business Email Compromise:

What does a Business Email Compromise phishing attack look like? A cyber criminal sends an email, apparently from the CEO, to the CFO of the same organization. The email is an urgent and confidential request to transfer a large sum of money to a specified bank account in order to finance a secret takeover of a competitor.

What is the impact of a ‘Business Email Compromise’ attack?

The impact of this kind of attack can be enormous. Recent FBI statistics show that between October 2013 and May 2018 there were 78,617 incidents involving Business Email Compromise attacks, with a total exposed dollar loss of over 12 billion US dollars. The number of such attacks is increasing year by year: the damage has grown by more than 136 percent in two years, and there are fraud reports from 150 countries.

In addition to direct financial loss, BEC causes indirect financial loss when an attack becomes public, because it damages the organization’s brand image and trustworthiness.

How can ‘Business Email Compromise’ attacks be prevented?

Raising awareness through training sessions is one of the most common methods organizations use against these attacks. Although it is a good method, training does not prevent the attack itself; it only creates awareness.

Unfortunately, there is no way to prevent cyber criminals from sending a BEC email in the name of a company. However, by using DMARC it is possible to block these BEC emails. DMARC gives an organization insight into its email channel, so it can determine which sources are sending emails on its behalf. Based on this information the organization can make sure that all of its legitimate sources are correctly authenticated (with SPF and DKIM, aligned with the sending domain). Once all legitimate sources are correctly authenticated, the organization can enforce its DMARC policy.

When the DMARC policy is enforced at ‘reject’, emails that spoof the organization’s domain and fail authentication are rejected and no longer reach the receiver’s inbox. This prevents Business Email Compromise emails from harming the employees or customers of an organization.
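As an added illustration that is not part of the original article, the following Python sketch shows how a receiving mail server turns a published DMARC record into a delivery decision, and why the same spoofed CEO email is delivered under a monitoring-only policy (p=none) but blocked once the policy is enforced (p=reject). All domains, DMARC records and messages are constructed examples, and the organizational-domain logic is simplified.

```python
# Added example, not the article's own code: how a receiving mail server turns a
# sender's published DMARC record into a delivery decision. All values are constructed.

def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record like 'v=DMARC1; p=reject; adkim=s' into tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record: %r" % record)
    return tags

def org_domain(domain: str) -> str:
    """Simplified organizational domain; real receivers use the Public Suffix List."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: 's' = exact match, 'r' = same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(record, from_domain, spf_domain, spf_pass, dkim_domain, dkim_pass):
    """Return 'pass', or the policy action ('none'/'quarantine'/'reject') to apply. DMARC
    passes only if SPF or DKIM passed AND aligns with the From: domain; pct=/sp= ignored."""
    tags = parse_dmarc(record)
    spf_ok = bool(spf_pass and spf_domain and aligned(spf_domain, from_domain, tags.get("aspf", "r")))
    dkim_ok = bool(dkim_pass and dkim_domain and aligned(dkim_domain, from_domain, tags.get("adkim", "r")))
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"].lower()

# Constructed BEC message: "From: ceo@example.com" sent through the attacker's own
# relay. SPF is evaluated on the attacker's MAIL FROM domain (passes, but does not
# align with example.com) and there is no DKIM signature for example.com.
SPOOFED = dict(from_domain="example.com", spf_domain="attacker-relay.example.net",
               spf_pass=True, dkim_domain=None, dkim_pass=False)
# The organization's real mail, sent by a provider that signs with example.com's key.
LEGIT = dict(from_domain="example.com", spf_domain="bounce.example.com",
             spf_pass=True, dkim_domain="example.com", dkim_pass=True)

def compare_policies() -> dict:
    """Same two messages under a monitoring-only record and an enforced one."""
    monitoring = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
    enforced = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
    return {"spoofed_p=none": dmarc_disposition(monitoring, **SPOOFED),    # "none": delivered
            "spoofed_p=reject": dmarc_disposition(enforced, **SPOOFED),    # "reject"
            "legit_p=reject": dmarc_disposition(enforced, **LEGIT)}        # "pass"
```

Note that the spoofed message passes SPF for the attacker's own domain; it is the alignment check against the visible From: domain, combined with an enforced policy, that causes the rejection.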

To conclude, DMARC is a way to protect an organization against BEC attacks. Having DMARC enforced on all of an organization’s domains ensures that employees and customers are no longer exposed to Business Email Compromise emails that spoof those domains.