BEC attacks, the invisible threat to corporate email

1 December 2023 7 minutes Author: Lady Liberty

Business email security: How to protect your company from BEC attacks

Business Email Compromise (BEC) is one of the most common and most dangerous types of cybercrime in today’s business environment. This is a tactic that involves using fake emails or intercepting corporate email to obtain confidential information or fraudulently transfer funds. It is important to understand that the main purpose of BEC is to deceive employees or partners of the company, forcing them to perform financial transactions or provide access to important data. Attackers usually use carefully crafted scripts to make their messages look convincing.

To protect against such attacks, companies need to implement comprehensive security measures. This includes regular staff training, the use of two-factor authentication, and enhanced verification procedures for financial transactions. Business email security is an integral part of modern business. The growing focus on digital security and awareness of the threats posed by BEC are key to ensuring companies are reliably protected against financial losses and information leaks.

Disclosure of BEC fraud methods

Let’s define what business fraud is: Business fraud is when a hacker gains access to a company’s mailbox and impersonates the account owner in order to commit fraud against the company. In this case, the victim’s mailbox is used as a proxy.

Attackers often create accounts with email addresses that are nearly identical to addresses on the company’s network; BEC is also known as a “man-in-the-middle” attack. The FBI classifies business email fraud (BEC) as a “$26 billion fraud,” which is not surprising when you consider that the average loss to a business is $5.01 million per incident. And this threat continues to grow.

Business email attacks (BEC) target employees using fake or legitimate business email addresses; in 2020, fraudsters made more than $1.8 billion, more than any other cybercrime.

What is business email compromise and how does it work?

During a BEC attack, an attacker impersonates an employee or trusted partner. The attacker convinces the victim to perform a certain action, such as disclosing confidential information or sending money. Attackers continue to succeed despite growing awareness that business email can be compromised.

Between the first and second half of 2021, the frequency of such attacks targeting unsuspecting users increased by 84%; in absolute terms, the frequency of attacks reached 0.82 thousand mailboxes in the second half of 2021.

What are the main types of business email compromise attacks?

According to the FBI, the main types of BEC fraud are:

Fake charities

One of the most common forms of BEC attacks involves sending emails from fake charities that claim to be raising money for a noble cause. These emails often contain malware attachments designed to infect computers with viruses or other malicious software.

Travel problems

Another common BEC scam involves emails from fake travel agencies claiming there’s been a problem with your flight or hotel booking – usually because someone canceled at the last minute. The email invites you to update the travel brochure by clicking on the attachment or link contained in the message. In this case, you may accidentally install malware on your computer or give hackers access to sensitive data stored on your device.

Tax threats

This attack involves a government agency threatening to take legal or official action if victims do not pay money. Such scams often involve fake invoices and requests for payment to avoid legal consequences.

Impersonating a lawyer

Such letters claim that the lawyer needs your help with a legal matter – that the lawyer has been arrested or is trying to recover money that belongs to another person. In these cases, the scammer asks for your personal information to “help” you solve a legal problem (for example, send money).

Fraudulent invoice scheme

In this scheme, a business sends another business an invoice, usually for a significant amount. The invoice states that the recipient is obligated to pay for services or goods that it did not receive. The recipient may be asked to send money to pay the fake bill.

Data theft

This scam involves stealing your company’s confidential data and selling it to competitors or other interested parties. Thieves may also threaten to release your data if you don’t comply with their demands.

How do BEC attacks work?

Here’s how BEC attacks work:

  • Fake email account or website – An attacker spoofs an email address or website that looks legitimate. From this account, the attacker sends one or more phishing emails asking for financial information, such as bank account numbers and PINs. Using DMARC will help you prevent attackers from spoofing your domain.

  • Spear Phishing – Spear phishing is a highly targeted email sent directly to an employee at their workplace. They are often disguised as internal messages from someone at the company (such as a manager) and contain subject lines such as “urgent bank transfer” or “urgent account” that request immediate confidential information.

  • Using malware – Attackers can install malware (malicious software) on a victim’s computer and use it to track their activity, intercept keystrokes, or take screenshots. Keyloggers can also be installed on computer systems if an attacker has physical access to them.

How can I prevent business email from being compromised?

A successful BEC attack can cost an enterprise a lot of money and cause significant damage. However, you can prevent these attacks by following a few simple steps, such as:

1. Protect your domain with DMARC

BEC attacks that spoof your own domain can be blocked using DMARC. Sender verification and domain alignment under this protocol allow an organization to identify which sources are sending email on behalf of its domain, increasing the visibility of its email channel. Using this information, the organization can ensure that all legitimate sources are properly authenticated.

Organizations can move to a p=reject DMARC policy once all legitimate sources are fully authenticated. Under this policy, mail that fails DMARC authentication for the domain is rejected and never reaches the recipient’s mailbox.

2. Protection against phishing

Use anti-phishing software that scans incoming emails for malicious links and attachments that could infect your network.

3. Division of duties

Make sure critical functions, such as approving and executing payments, are not performed by one person. This reduces the risk that a single deceived employee can be made to perform an unauthorized action.

4. Marking of external e-mail messages

Make sure all external emails are marked as such or sent through a secure email gateway so they don’t appear to be sent directly from your organization’s network.

5. Carefully study the email address

Read the sender’s email address carefully. If the email is from someone you know, check that the address matches the one you have on file before acting on it. If the email is from a stranger, ask why they are contacting you. Also check the subject line: it should match the content of the message and the conversation you actually have in your mailbox.
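Steps 4 and 5 above (marking external mail and scrutinising the sender address) can be partly automated at the mail gateway. The following Python is an added example written for this article, not code from the original text or from any product; it parses a message with the standard library, flags the sender-address indicators the article describes (a domain nearly identical to the company's own, a Reply-To that differs from From, an executive's display name on an external address) and prefixes the subject with an external tag. `PROTECTED_DOMAIN`, `EXECUTIVE_NAMES` and the sample message are constructed assumptions.

```python
"""Flag BEC sender-address indicators and tag external mail (gateway-side check)."""
from email import message_from_string
from email.utils import parseaddr

PROTECTED_DOMAIN = "example.com"        # assumed: the organisation's own domain
EXECUTIVE_NAMES = {"jane doe"}          # assumed: display names impostors tend to borrow
LOOKALIKE_DISTANCE = 2                  # assumed threshold for "nearly identical" domains
EXTERNAL_TAG = "[EXTERNAL]"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; small values between domains suggest a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value: str) -> str:
    """Extract the lower-cased domain from a From/Reply-To header value."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def analyse(raw_message: str) -> list:
    """Return BEC indicators found in the sender headers; empty for clean internal mail."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From", ""))
    findings = []
    if from_dom != PROTECTED_DOMAIN:
        findings.append(f"external sender {from_dom!r}")
        if 0 < edit_distance(from_dom, PROTECTED_DOMAIN) <= LOOKALIKE_DISTANCE:
            findings.append(f"lookalike of {PROTECTED_DOMAIN!r}: {from_dom!r}")
        if display_name.strip().lower() in EXECUTIVE_NAMES:
            findings.append(f"executive display name {display_name!r} on external domain")
    reply_dom = domain_of(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")
    return findings


def tagged_subject(raw_message: str) -> str:
    """Subject line after the gateway rule: external mail gets the tag, internal is untouched."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    if domain_of(msg.get("From", "")) == PROTECTED_DOMAIN or subject.startswith(EXTERNAL_TAG):
        return subject
    return f"{EXTERNAL_TAG} {subject}"


# Constructed sample message (all addresses are placeholders)
SAMPLE = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe@mail-relay.invalid
To: accounts@example.com
Subject: urgent bank transfer

Please wire the attached invoice today.
"""

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print("-", finding)
    print("Subject:", tagged_subject(SAMPLE))
```

The edit-distance threshold is deliberately small: with it at 2, `examp1e.com` is caught but unrelated short domains are mostly not, and any domain that trips it still has to be external to be reported. A gateway would combine these findings with the DMARC result rather than block on them alone, since a partner writing from a genuinely different domain is normal.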

6. Train your employees

The best defense against cyberthreat attacks is employee training. Employees must be educated about the BEC threat, how it works, and how they can become a target. They should also be informed of the company’s policy on the use of business e-mail and who is an authorized e-mail user.

Business email scams get past even the most sophisticated security measures and usually ensnare unsuspecting CEOs and CFOs with just one email. As a result, BEC is a truly insidious attack vector and is still prevalent in the business world. This means you should be familiar with BEC.

Use a DMARC analyzer, such as the PowerDMARC tool, to ensure that legitimate emails from your domain are being delivered and that spoofed emails claiming to come from it are rejected. Stopping spoofing isn’t just about protecting your brand. It is about ensuring the survival of your business.
