What to Know About Business Email Compromise

Criminal ingenuity intersects with clever social engineering to create the frustratingly successful swindle of Business Email Compromise, or BEC, also called CEO Fraud or Imposter Attacks.

According to the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN), U.S. businesses have been hit with nearly $9 billion in attempted BEC theft since 2016. This figure exceeds even the FBI’s previous calculations of $1.3 billion per year. Gartner analysts were alarmed enough to make BEC a Top 10 Security Priority in 2019.

BEC is a specific type of phishing email that operates without links and without attachments, two of the standard markers that perimeter defenses look for. Instead of taking over a computer or stealing data, BEC hackers impersonate an executive (a known CEO, CFO or other CxO) and persuade the recipient (an employee) to perform some action – like wiring money or attaching information to an email.
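Because a BEC message carries no link or attachment to scan, detection has to rest on the sender and the request. The sketch below is an added example, not part of the original article. It assumes the impersonation shows up as an executive's display name on an address outside the company domain; the executive names, domains, term list and sample messages are all constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (constructed): executive names and the company's own mail domain.
EXECUTIVES = {"jane doe", "sam lee"}
COMPANY_DOMAIN = "example.com"
REQUEST_TERMS = re.compile(r"\b(wire|transfer|payment|invoice)\b", re.I)
URL = re.compile(r"https?://|www\.", re.I)

def bec_signals(raw):
    """Return the BEC indicators present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    domain = addr.rpartition("@")[2].lower()
    body, has_attachment = [], False
    for part in msg.walk():
        if part.get_filename():
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            body.append(part.get_payload())
    text = msg.get("Subject", "") + "\n" + "\n".join(body)
    signals = []
    # Executive's display name, but the address is outside the company domain.
    if name.strip().lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        signals.append("exec_name_external_sender")
    # Replies would go to a different domain than the visible sender.
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        signals.append("reply_to_mismatch")
    if REQUEST_TERMS.search(text):
        signals.append("payment_request")
    # The absence of links and attachments is itself a BEC trait.
    if not has_attachment and not URL.search(text):
        signals.append("no_links_or_attachments")
    return signals

def needs_review(raw):
    """Hold for out-of-band verification: impersonation plus a money request."""
    s = bec_signals(raw)
    return "exec_name_external_sender" in s and "payment_request" in s

# Constructed sample messages.
SUSPECT = ('From: "Jane Doe" <jane.doe@examp1e-mail.test>\n'
           "Reply-To: jane.ceo@freemail.test\nTo: ap@example.com\n"
           "Subject: Urgent request\n\n"
           "Are you at your desk? I need you to wire $48,500 to a new vendor today.\n")
BENIGN = ('From: "Jane Doe" <jane.doe@example.com>\nTo: all@example.com\n'
          "Subject: Lunch menu\n\nSee https://intranet.example.com/menu\n")

if __name__ == "__main__":
    print(bec_signals(SUSPECT), needs_review(SUSPECT), needs_review(BENIGN))
```

The "no links or attachments" signal means nothing on its own, since most legitimate mail also matches it; it only matters alongside the impersonation and payment signals.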