The Business Email Compromise (BEC) is a specific phishing attack that is disguised as an internal company or vendor/ partner email. The email may request a wire transfer, invoice payment, or for W-2 information. BEC emails usually express urgency in an attempt to dissuade you from analyzing the email and thinking before responding to the fraudulent request.
Here are some common examples of BEC:
CEO Scam:
An attacker sends an email posing as the CEO or another executive. The attacker claims to be handling confidential or urgent matters and requests a wire transfer to an account under his control. Attackers mimic the style of communication to make the email seem like business-as-usual. Many times organizations and finance departments fall victim to this type of attack.
Invoice Scam:
This scam usually relies on an established relationship between a business and supplier. An attacker poses as an employee of the supplier and sends a bogus invoice to the customer. The attacker requests funds to be wired for the invoice payment to their fraudulent account. Because the emails appear to be usual business requests, organizations fall for these attacks.
W-2 Scam:
This scam involves an attacker sending an email, once again posing as the CEO or another executive seeking employees’ W-2 information. The email may look something like this:
Kindly send me the individual W-2 and earnings summary for all company staff for a quick review.
Often, HR or payroll departments will comply with these requests and send the sensitive information to the attackers.
Best Practices:
Here are tips to defend against Business Email Compromise scams:
- Carefully analyze all emails, especially wire transfer requests and out of the ordinary requests from C-suite executives.
- Closely check the sender email address—often times the spoofed email will be one letter off.
- Confirm any request via telephone from a known number, not the one provided in the emailrequest.
- Verify any changes in vendor payment by using a secondary sign-off by company personnel.
Note: The content in this article was first published on the TMHCC CyberNET® website and is republished here with permission. For more cyber security resources, we encourage our members to visit this platform within our member-exclusive resource portal.