Business Email Compromise (BEC) Attacks
Business email compromise (BEC) is a type of cyber security attack by a bad actor aimed at extracting valued assets from a company.
Impersonating the identity of a company employee or trusted party, a fraudster deceives the email recipient into replying with information, money, or access codes to corporate assets.
Example of BEC
When the criminal poses as a top officer, BEC is called a CEO fraud attack. If the attacker is attempting to get employee income information, the activity is called a W-2 attack. A BEC attack’s success is dependent on significant knowledge of the company and a few important employees. It also depends on the ease of impersonating someone the target trusts, such as an executive or trusted outside partner (like a law firm or accounting firm).