Business Email Compromise (BEC) Attacks

Business email compromise (BEC) is a type of cyber security attack by a bad actor aimed at extracting valued assets from a company.

Impersonating the identity of a company employee or trusted party, a fraudster deceives the email recipient into replying with information, money, or access codes to corporate assets.

Example of BEC

When the criminal poses as a top officer, BEC is called a CEO fraud attack. If the attacker is attempting to get employee income information, the activity is called a W-2 attack. A BEC attack’s success is dependent on significant knowledge of the company and a few important employees. It also depends on the ease of impersonating someone the target trusts, such as an executive or trusted outside partner (like a law firm or accounting firm).