Business Email Compromise Is a Major Threat Actor Tactic — And It’s Growing

You can never be too careful these days when conducting business online. This is especially true when responding to email requests that require payments or the release of funds. 

Business Email Compromise (BEC) is quickly becoming a top tactic for threat actors, and they have become increasingly adept at not only spoofing email addresses but taking over accounts altogether once they are compromised — all with the goal of tricking users and stealing funds.  

While BEC attacks traditionally target financial institutions and users who have access to the purse strings — think a CEO suddenly emailing the CFO about a wire transfer — even these kinds of attacks are growing in sophistication. According to a recent FBI advisory, cybercriminals are utilizing the tactic to steal food shipments valued at hundreds of thousands of dollars.  

This creative use highlights how BEC attacks are taking over the cybercrime landscape. 

BEC Attacks Are Increasing 

Arctic Wolf recently surveyed 900-plus global security leaders about their top concerns, and the BEC results showed that this social engineering tactic needs to be top of mind.  

52% of organizations experienced a breach in the past 12 months, and of those, a third of the attacks were BEC attacks. BEC attacks were also listed as the “top concern” for 38% of respondents. In addition, 89% of the respondents have been targeted by malicious messages in the last twelve months, and 41% of those fit the bill of BEC as “an email or text message that impersonates an executive at your company.”  

The rise in BEC is not surprising. Cybercrime is now a trillion-dollar industry, and the potential payout for a BEC attack is surely spurring threat actors to try the lucrative tactic. In 2021, one BEC attack on city officials in New Hampshire resulted in the loss of $2.3 million. There’s major money at risk, with the FBI reporting that these attacks have cost U.S. businesses $1.6 billion since 2013. 

Learn more about these concerns on our “Top Security Concerns: A Global Perspective” page. 

The Five Main Types of BEC Attacks 

These attacks can arrive in many forms, and each is unique. Here are the top five users should be on the lookout for, especially if they work with financial information or finances within their organizations. 

1. CEO Fraud

Attackers position themselves as the CEO or executive of a company. They typically email an individual within the finance department, requesting funds to be transferred to an account controlled by the attacker.

2. Account Compromise

An employee’s email account is hacked and is used to request payments to vendors. The email in this case is legitimate, but employees should be on guard to question and double-check unusual requests.  

3. False-Invoice Scheme

Attackers act as if they are a company supplier and request fund transfers to fraudulent accounts. 

4. Attorney Impersonation

Attackers impersonate a lawyer or legal representative. Lower-level employees are commonly targeted through these types of BEC attacks.

5. Data Theft

These attacks target HR employees to obtain personal or sensitive information about individuals within the company, such as CEOs and executives. This data can then be leveraged for future attacks.  

How to Protect Against BEC Attacks 

While these threats may be rising in both volume and concern levels, there are tactics to stop them before millions are stolen or an email account is fully hacked. 

  • Like all social engineering tactics, a strong defense against BEC attacks starts with a good offense, and that offense starts with security awareness training. Building a strong security awareness culture can help employees understand the kinds of risks they face in their inboxes and help them become a strong line of defense against these growing attacks.
  • However, humans aren’t the only tools available. Monitoring software can help detect abnormal activity while offering broad visibility into an organization’s environment.
  • In addition, utilizing identity and access management techniques such as multi-factor authentication and monitoring access to certain accounts and assets can not only prevent a threat actor from gaining access, but can help sound the alarm if suspicious activity occurs.
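
Some signs of CEO fraud and false-invoice requests are visible in a message's headers, so monitoring can flag them before a person has to decide. The sketch below is an added example, not Arctic Wolf code; the organization domain, executive names, keyword list and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch (all constructed): the organization's domain,
# its executive roster, and a short list of payment-related phrases.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"dana reyes", "sam okafor"}
PAYMENT_TERMS = ("wire transfer", "invoice", "bank details", "payment")

def domain_of(addr):
    # Text after the last "@", lower-cased; empty string if no address.
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw_message):
    """Return the BEC warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # CEO fraud: executive display name on an address outside the organization.
    if name.strip().lower() in EXECUTIVES and domain_of(from_addr) != ORG_DOMAIN:
        findings.append("executive-name-external-sender")
    # Replies routed to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        findings.append("reply-to-domain-mismatch")
    # Payment language: relevant to CEO fraud and false-invoice schemes.
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (body if isinstance(body, str) else "")).lower()
    if any(term in text for term in PAYMENT_TERMS):
        findings.append("payment-request-language")
    return findings

# Constructed sample messages.
SPOOFED = """From: Dana Reyes <dana.reyes@examp1e-mail.test>
Reply-To: accounts@payments-desk.test
To: finance@example.com
Subject: Urgent wire transfer

Please process this today and confirm.
"""
LEGIT = """From: Dana Reyes <dana.reyes@example.com>
To: finance@example.com
Subject: Q3 planning

Agenda attached.
"""

if __name__ == "__main__":
    print(bec_indicators(SPOOFED))
    print(bec_indicators(LEGIT))
```

A message sent from a genuinely compromised internal account passes the two header checks, which is why the account compromise case still depends on employees questioning unusual requests and on access monitoring.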

Learn more about how much a BEC Attack could cost your organization with our “Cost of a Breach Calculator.” 

Better understand how BEC attacks work with our webinar, “Investigating the Big Business of Cybercrime.” 

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.