
Business Email Compromise – What is it and how do you stop it?

The financial effect of Business Email Compromise (BEC) has continued to escalate, thanks to threat actors’ ever-evolving strategies. A strong organizational digital security framework is critical in preventing BEC attacks that can cripple legitimate business activities. Protecting an organization’s data, information assets, and financial resources ensures compliance and business longevity.
Although most successful BEC attacks go unnoticed, they are incredibly effective, and malicious actors continue to use them. An attack can be launched with a single email that seems authentic, which works because email is so widely used for commercial and personal communication. With a successfully compromised email account, attackers can use social engineering tactics to make seemingly legitimate requests of their victims.

How does it work?

BEC, also known as Email Account Compromise (EAC), begins when an email message is received from an attacker that appears to come from a known, trusted source and contains a seemingly legitimate request. Malicious actors carefully research and monitor their potential victims ahead of an attack, often taking advantage of the status quo or timing a vulnerable moment when current events would prompt victims to pay attention to the emails sent. For instance, a victim might receive an email from a home title registration company with instructions to make a down payment, or an attacker might impersonate a CFO to request a wire transfer that could go unnoticed.
These attacks have become more prevalent as organizations incorporate remote working. The FBI, in a three-year period between June 2016 and July 2019, found 166,349 instances of BEC with a total exposed loss of over $26 billion. That number has continued to increase dramatically in 2020 and 2021. Recent times have brought far too many distractions, creating opportunities in which a single email can succeed. As society continues to deal with the COVID-19 pandemic, fraudsters keep looking for ways to take advantage, including the use of attractive pandemic-related themes in email subject lines. We have continued to see attackers reference themes like COVID-19 vaccines, closely tracking what is going on in the media. They specifically reference those words and phrases in the hope of luring potential victims. In an interesting example, Microsoft reported a phishing lure that was designed to take advantage of the COVID-19 pandemic.
Common attack methods include:

Spoofed or lookalike email addresses: usually a slight variation of a legitimate email address that could easily go unnoticed. Criminals target organizations that use popular cloud-based email services.

Phishing: a victim is tricked into releasing confidential information because they believe they are responding to a trusted sender. Such information gives an attacker the access needed to carry out an attack.

Malware: attackers can use malware to infiltrate company networks, gaining vital access to mailboxes. This gives them time to follow conversations and learn when to launch an attack. Access to data can also be obtained through malware.

Given that this threat is getting the attention it deserves, how should you protect yourself from an imminent attack?

BEC attacks are persistent and can negatively impact all types of organizations; anyone can be a target or a victim. So how do organizations root out BEC when it is mingled with legitimate communication channels?


The first thing we strongly recommend is to educate employees on attack techniques, tactics and procedures. One of the red flags that easily identifies BEC is a request demanding the utmost urgency in fulfilling the actions contained in the email. Research on successful attacks shows that phishing campaigns often have urgency built into the request and promise dire consequences. For example, a request to confirm your credentials or your account will be turned off, which strikes fear into the potential victim.


Since the attacker spoofs an email to look legitimate, it is important to consider whether the request is atypical of the sender. If personal or confidential information is being asked for over email, particularly outside the norm of how that information is usually shared, take a step back to verify. Such out-of-the-ordinary requests should be a red flag for the recipient and should be reported for review.


Verify the subject line, the sender and any links embedded in the body of the message before acting on an email. Especially if the email is unsolicited, don't click on any link, attachment or text message that asks you to update or verify account information, or take any other action, without verifying it first. Look up the sender, or the company they claim to work for, to ensure all the information matches. One of the best steps individuals can take to prevent an account compromise is to confirm that the purported sender of the suspicious email actually sent it, for example by calling the individual or communicating via another medium to confirm the request is legitimate.


Education and reporting remain key factors in reducing attacks. At MCI we are strong proponents of education and of creating a culture of openness that allows employees to identify and report anomalies quickly to security teams. People are the main target; therefore, making available security features that support educated decision-making is vital, for instance notifying a user when they are receiving an email from an external source.
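The two mail-side controls described above, flagging external senders and spotting the "slight variation of a legitimate email address" used in spoofing, can be combined in one check. The following is an added example, not code from the original post or from MCI; the trusted domains, the homoglyph table and the sample From: headers are constructed assumptions.

```python
# Added example: classify a From: header against the organization's trusted
# domains, flagging external senders and lookalike domains that differ from a
# trusted domain by one edit or by a visually confusable character swap.
from email.utils import parseaddr

# Constructed sample: the organization's own sending domains (assumption).
TRUSTED_DOMAINS = {"example.com", "example-corp.com"}

# Substitutions commonly used to make one domain look like another.
_HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s", "cl": "d"}

def _normalize(domain: str) -> str:
    # Fold confusable sequences so "exarnple.com" and "examp1e.com" compare equal to "example.com".
    d = domain.lower()
    for fake, real in _HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d

def _edit_distance(a: str, b: str) -> int:
    # Levenshtein distance; catches single-character drops, adds and swaps.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> dict:
    """Return a verdict dict for a raw From: header value."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    verdict = {"address": addr, "domain": domain, "display_name": display,
               "external": domain not in trusted, "lookalike_of": None}
    if verdict["external"] and domain:
        for t in trusted:
            if _normalize(domain) == _normalize(t) or _edit_distance(domain, t) <= 1:
                verdict["lookalike_of"] = t
                break
    return verdict

def banner(from_header: str) -> str:
    """Text a mail gateway could prepend to the message body for the recipient."""
    v = classify_sender(from_header)
    if v["lookalike_of"]:
        return f"WARNING: sender domain {v['domain']} resembles trusted domain {v['lookalike_of']}"
    if v["external"]:
        return f"CAUTION: this message came from outside the organization ({v['domain']})"
    return ""
```

A lookalike verdict is a reason to route the message for review rather than to reject it outright, since legitimate partners sometimes use similar names.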


There are extensive AI and ML models today that provide organizations with immediate detection of, and behavioral insight into, anomalous emails or user behavior. For example, the Microsoft and Google email security offerings provide adaptive threat analytics to identify user behavior and attacks more effectively within Microsoft 365 and Google Workspace.


The question isn’t IF but WHEN you will get compromised. Connect today to find out how MCI can support your digital security transformation goals.