What Is BEC?

BEC (Business Email Compromise) is a specific kind of spear phishing attack that tricks recipients into performing harmful actions. This can involve sending money or data to cyber criminals.

BEC is one of the most costly and destructive phishing attacks that cost corporate organizations billions of dollars every year.

If you wish to know more about BEC, its types, and preventive measures you can take, you are in the right spot. Keep reading to learn more!

What Is Business Email Compromise?

Business email compromise or BEC is a specific email that cyber criminals make use of to attack corporate networks for malicious gain.

These phishing attacks can attack companies of all sizes across the globe. Many BEC phishing attacks have also been successful and caused businesses to lose billions of dollars internationally.

EAC (Email Account Compromise or Email Account Takeover) is related to BEC, which has become widespread due to the increased use of cloud-based infrastructure.

EAC and BEC are often associated as EAC is being vastly used to launch BEC scams.

Both EAC and BEC are difficult to prevent and detect. They can easily bypass native cloud platform defenses, legacy tools, and point products to request invoice payments and conduct data theft.

How Is A BEC Attack Launched?

The basic strategy used in Business Email Compromise scams is that the hacker poses themselves as trustworthy to the recipient. The sender will often appear to be a vendor, boss, or colleague.

A message to an employee’s email account asks the recipient email to divert payroll, make a wire transfer and even change banking details. Changing details allows the hacker to receive future payments more easily.

A BEC attack can be difficult to detect as it does not use malicious URLs, code, or malware. The absence of malicious code makes these emails difficult to detect, even if you have a lot of cybersecurity defenses or protocols in place.

These attacks use social engineering strategies and impersonation and trick people into interacting by appearing trustworthy.

Manually remediating or investigating these attacks gets quite taxing and time-consuming. Impersonation by scammers makes use of look-alike domains/domain spoofing.

Domain misuse is a complex issue and is hard to stop. Tracking down every look-alike domain is quite impossible, especially when this can easily multiply due to outside domains that hackers can use to launch a BEC attack.

EAC allows control over a legitimate email account which is then used to launch a BEC-style attack. The hacker does not pose or pretend in this case; they are the person they show to be.

Since EAC and BEC focus on human frailty and deviate from network vulnerabilities, only people-centric defense can detect, respond to and eliminate these attacks.

What Are The Stages Of A BEC Attack?

There are four main stages of Business Email Compromise attacks. Let’s look at these below:

Stage 1

Cybercriminals begin by targeting an email list. These email addresses are often mined from business databases, LinkedIn profiles, and by sifting various websites for information.

Stage 2

Attackers launch the attack by sending out mass emails to the list they have acquired. Malicious intent can be difficult to identify in this phase. Attackers use fake email names, look-alike domains, and spoofing to appear trustworthy.

Stage 3

Social engineering is used to impersonate CEOs, vendors, clients, colleagues, financial managers, and employees. Most emails will ask for an urgent response.

Stage 4

Once trust is built successfully, hackers start working towards a data breach or devise plans for financial gains.

What Are The Five Different Types Of Business Email Compromise?

There are 5 types of BEC scams as identified by the FBI. These include:

Account Compromise

Email accounts are often hacked and used to generate emails asking for payments from vendors. Payments are asked to be made to fraudulent bank accounts owned by cyber attackers.

Attorney Impersonation

Hackers impersonate legal representatives or lawyers to launch an attack. These attacks are usually aimed at lower-level employees, so they cannot question the validity of the request they receive.

CEO Fraud

Attackers impersonate executives, managers, or CEOs to email the finance department for fund transfers.

False Invoice Scheme

Foreign suppliers are targeted in this strategy. Scammers act as suppliers to request invoice payments to be transferred to a fraudulent bank account.

Data Theft

These attacks are geared towards HR employees and plan to grab sensitive, confidential, or personal data about company individuals like the CEO or executives. This data is then used to launch future attacks like CEO Fraud.

How To Prevent A BEC Scam?

Both EAC and BEC are complex attacks that require a multi-layer defense. Stopping these attacks means:

  • Identifying malicious behavior and other activities in an employee cloud environment.
  • Elimination of an array of BEC/EAC tactics.
  • Automation of threat response and detection.

A proper defense mechanism can prevent attacks from vulnerable channels like personal webmail, cloud apps, your web domain, business partners’ email, corporate email, and web/user behavior.

BEC/EAC makes use of less witty individuals, which is why attack visibility, user awareness, and email protection are appropriate defense strategies.

Signs To Look For In Emails

  • Impostor emails often ask the recipient not to contact or communicate with others about the request. The request is asked to be kept confidential, and the sender often asks the recipient to communicate via email directly.
  • Executives or CEOs asking for unusual data like W2 or employee tax information can be a sure sign. Most individuals will not hesitate to email back, but thinking twice before sending data, special reports, or confidential data can save a lot of trouble.
  • Requests from unusual channels like direct executive requests instead of regular financial department emails can also be a sign. Emails asking for immediate wire transfers should be scanned carefully to confirm the recipient.
  • Email addresses or domains that do not match the sender’s address indicate email spoofing. Paying close attention to the addresses and double-checking can ward off attacks.
  • Any date formats or language issues must not be ignored. Flawless grammar, European date format, and proper sentence construction may indicate that a non-native speaker has typed an email.

How To Stay Protected Against BEC Attacks?

Domain authentication, email security, account protection, user awareness, and content inspection must be used to stay protected from BEC attacks.

Below are some tips that can be used to prevent scams and keep corporate networks safe:

  • If you feel like something sounds suspicious or looks like a scam, believe it. Encourage employees to trust their instincts and ask questions.
  • Always ask for clarification and encourage employees to forward emails to the IT department or confide in a colleague if they are confused.
  • Hackers usually time campaigns around busy days or periods. It is, therefore, a good idea to slow down. Do not just skim and quickly respond to emails, especially if you are an HR manager.


Malicious emails are designed to impersonate someone purposely the recipient trusts, so it is easier to trick them into sending money or leaking confidential data.

Creating user awareness, automating detection/threat response, and monitoring emails carefully before replying is the only way to stay safe against BEC/EAC attacks.

Derik Belair

As President and CEO, Derik leads the vision, strategy and growth of Augmentt. Prior to founding Augmentt, Derik was the Vice President at SolarWinds, leading the digital marketing strategy for SolarWinds’ Cloud division. Derik has been working in the channel for over 20 years, starting his career as a channel sales rep at Corel Corp. and eventually becoming the first employee at N-able Technologies in April of 2000.
SUBSCRIBE for more resources
Related Content

Agent-based SaaS Discovery

    When it comes to Augmentt Discover, we believe in flexibility and power. Augmentt Discover can collect SaaS usage data using both an Agent and Agentless model. Here is a quick [...]

    Product Evaluation Guide

      Thank you for starting your Augmentt Product Evaluation and Trial   Here are a few resources that will help you through this technical process. Support Technical Support is available to [...]
      Augmentt is a centralized SaaS security platform built for MSPs to deliver scalable managed security services for Microsoft and cloud apps. Our multi-tenant platform gives you visibility across all your end-users to easily audit, protect and detect security threats for a holistic approach to cyber security.