Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects simply to a non-technical, business audience. Over…
Business email compromise (BEC) is a type of cyberattack that targets corporate employees who are responsible for handling procurement and/or wire transfers within a specific business division. The goal of this social engineering scam is to trick the victim into sending money or other high-value business assets to the attacker.
According to the FBI’s Internet Crime Complaint Center (IC3), BEC attacks are one of the most profitable types of cyberattacks, resulting in the loss of billions of dollars each year domestically and internationally. Businesses that work with foreign suppliers, businesses that regularly transfer money wirelessly, and business that use public cloud email services are especially vulnerable to BEC attacks.
This type of attack is often initiated through a phishing email that appears to be legitimate business correspondence. For example, the fraudulent email might contain what looks like a simple address change request from a legitimate business partner. If the change request is accommodated without being verified, however, the victim will end up sending the next financial payment or purchase to a location under the attacker’s control.
BEC attacks are often initiated through spear phishing emails that target employees with specific job roles. This type of malicious email is usually well-written and closely resembles normal correspondence specific to the business that is being victimized. Types of known BEC attack vectors include:
To prevent a BEC attack from being successful, the FBI recommends that organizations take the following steps:
Techopedia’s editorial policy is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.
Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.
What are Integrated Payroll Services? Integrated payroll services are features and functionalities built into other HR software, most commonly an...
Aleksandar StevanovicSoftware Reviews Expert
What is the Work Opportunity Tax Credit? The Work Opportunity Tax Credit (WOTC) is defined by the U.S. Department of...
What is Earned Income Tax Credit? Earned Income Tax Credit (EITC) is a refundable tax credit awarded to workers and...
Trending NewsLatest GuidesReviewsTerm of the Day