What Is Business Email Compromise (BEC)?

Business email compromise (BEC) is a socially engineered cyberattack that evades traditional email security and costs organizations millions in damages. BEC uses impersonation to steal money from unsuspecting victims and employs conversational techniques designed to build trust between the attacker and target. BEC attacks involve personalized emails from attackers posing as trusted contacts requesting financial transactions or sensitive information.

A hallmark of a business email compromise attack is that the initial email contains a text-only message. The attacker uses a text-only first message to start a conversation and elicit a response from the target, and to bypass traditional email security solutions, which typically look for malicious attachments, links, or other known threat signatures.

Types of BEC Attacks

CEO Fraud: CEO fraud is a type of business email compromise where criminals impersonate a CEO in an attempt to trick employees into paying invoices, sharing sensitive information, or otherwise compromising a company's cybersecurity infrastructure.

Vendor Email Compromise (VEC): Vendor email compromise functions as a spin on the traditional BEC attack, but rather than impersonating someone within the target's organization, these attacks impersonate a trusted vendor (or use a compromised vendor account) to execute an invoice scam or other financial fraud.

Thread Hijacking: Thread hijacking attacks typically start with account compromise, allowing attackers access to the inbox to begin searching for ongoing conversations about payments or other sensitive information. They then hijack those threads by pasting the conversation into a new email (usually with a lookalike or typo-squatted domain) and carrying on the conversation with the original recipients.

How BEC Works

BEC attackers conduct extensive research on their targets before launching an attack, gathering information from social media, company websites, and other public sources to craft convincing impersonation messages. Because BEC attacks rely on social engineering rather than malware or malicious links, they often bypass traditional security tools that look for known threat signatures.

Prevention

Organizations can reduce the risk of BEC attacks by implementing advanced email security solutions that use behavioral AI to detect anomalous communication patterns, establishing verification policies for financial transactions, conducting regular employee security awareness training, and deploying email authentication protocols. Pangratis detects BEC attacks by analyzing the content, context, and intent of every email and flagging messages that deviate from established behavioral baselines.
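As an added illustration of the lookalike-domain and Reply-To signals described under thread hijacking, and of the verification controls listed above, the following Python check flags sender domains that imitate a trusted domain. It is example code written for this entry, not part of the original glossary or of Pangratis; the trusted-domain list, the confusable-character table, and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allowlist of domains the organization actually does business with.
TRUSTED_DOMAINS = {"example.com", "vendor-corp.com"}
def normalize(domain: str) -> str:
    """Collapse character swaps common in typo-squatted domains (assumed list, not exhaustive)."""
    d = domain.lower()
    for fake, real in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")):
        d = d.replace(fake, real)
    return d
def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two short strings (domain names keep this cheap)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]
def domain_of(header_value: str) -> str:
    """Extract the domain part of an address header such as 'Name <user@host>'."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()
def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` imitates, or None (exact match or unrelated)."""
    if not domain or domain in trusted:
        return None
    for t in trusted:
        if normalize(domain) == normalize(t) or edit_distance(domain, t) <= 1:
            return t
    return None
def check_message(headers: dict) -> list:
    """Return human-readable findings for one message's From / Reply-To headers."""
    findings = []
    for field in ("From", "Reply-To"):
        dom = domain_of(headers.get(field, ""))
        imitated = lookalike_of(dom)
        if imitated:
            findings.append(f"{field} domain {dom} looks like trusted {imitated}")
    from_dom, reply_dom = domain_of(headers.get("From", "")), domain_of(headers.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    return findings

# Constructed sample headers: a genuine vendor reply and a hijacked-thread lookalike.
SAMPLE_MESSAGES = {
    "genuine": {"From": "AP <ap@vendor-corp.com>"},
    "hijacked": {"From": "AP <ap@vendor-c0rp.com>", "Reply-To": "ap@examp1e.com"},
}
```

Run `check_message` over each entry of `SAMPLE_MESSAGES`: the genuine reply yields no findings, while the hijacked one is flagged for both a lookalike From domain and a diverging Reply-To, the pattern a payment-verification policy should treat as a stop-and-call-back trigger.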
