A business email compromise (BEC) attack is a type of deceptive hack in which malicious outsiders target company email systems. By spoofing a corporate email account, BEC attackers can get access to critical data and carry out various kinds of hacking. These attacks are also often called “man-in-the-email” attacks.
Specific types of business email compromise attacks happen when hackers reach other users by spoofing business emails. The bogus invoice scheme, where attackers request fund transfers and final payments into their own accounts, is one of the most common. There is also executive fraud, where attackers impersonate leadership. Attackers can also impersonate an attorney or some outside party requesting sensitive information.
Hackers can also use account compromise setups to get users to change information and hand that data over to them. Various kinds of data theft can also apply.
Business email compromise is also hard to guard against because the emails lack some of the hallmarks of malware-based attacks.
Companies have to put in place specific policies to prevent business email compromise attacks and safeguard business email systems so that fraudulent parties cannot become impostors via email. Security pros and vendors should be knowledgeable about ways to guard email systems against this kind of deceptive “social hacking” that in many ways resembles broader “spear-phishing” techniques.
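Because these messages carry no malicious payload, screening has to look at who a message claims to be from. The following is an added example, not part of the original page: a header check for the executive fraud case described above, where the corporate domain, the executive names and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example, not taken from the page:
CORPORATE_DOMAIN = "example.com"          # the organisation's own mail domain
EXECUTIVES = {"jane doe", "sam patel"}    # hypothetical leadership display names

# Constructed sample messages (reserved example domains).
SPOOFED = (
    'From: "Jane Doe" <jane.doe@example.net>\n'
    "Reply-To: jane.doe@example.org\n"
    "To: accounts.payable@example.com\n"
    "Subject: Final payment for invoice, please process today\n"
    "\n"
    "Please confirm once the transfer is done.\n"
)
LEGITIMATE = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "To: accounts.payable@example.com\n"
    "Subject: Q3 budget review\n"
    "\n"
    "Agenda attached.\n"
)

def domain_of(address):
    """Lower-cased domain part of an address ('' if there is none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def bec_signals(raw_message):
    """Return header-level warning signals for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = domain_of(from_addr)
    signals = []
    # Display name matches a known executive, but the address is not ours.
    if " ".join(display_name.lower().split()) in EXECUTIVES \
            and from_domain != CORPORATE_DOMAIN:
        signals.append("executive-name-external-sender")
    # Replies would be routed to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != from_domain:
        signals.append("reply-to-domain-mismatch")
    return signals

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(label, bec_signals(raw))
```

These signals are triage hints rather than verdicts: mailing lists and ticketing systems legitimately set a different Reply-To, and a message sent from a genuinely compromised corporate account passes both checks.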