Business email compromise (BEC) is a type of phishing scam in which the attacker impersonates or compromises an executive's email account to manipulate the target into initiating a wire transfer or giving away sensitive information.
The attack relies heavily on spear phishing and social engineering. It often targets individuals who conduct purchasing, have other fiduciary responsibilities, or handle sensitive company information.
How do BEC scams work?
BEC scams often start with a phishing email intended to gain unauthorized access to a targeted employee's account.
The attacker may exchange a series of emails with the targeted employee in order to build a trusted relationship. Even though these emails do not normally contain links or attachments, they still pose a risk, because each reply connects the attacker to internal contacts and information.
Scammers can pretend to be trusted vendors or employees inquiring about payments or sensitive data.
Scammers will email employees found in contact lists they have obtained, or even call them, to earn their trust.
When the person being impersonated is out of reach, such as away on business, the scammer can send a fake email that appears to come from that person's account, demanding that a payment be made to the "trusted vendor's" account.
With no quick way to verify that the email is authentic, the employee may hastily approve the payment. Of course, the payment goes to the scammer and not to the trusted vendor.
How do I know this is a BEC attempt?
The email asks the recipient to immediately initiate a wire transfer or an unexpected purchase, often from an unfamiliar or personal address and with a reason why the sender cannot be reached by phone.
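As an added illustration of the warning signs above (this is example code written for this page, not RIT's own tooling), the following Python script applies four simple checks to a raw email: an executive's display name paired with an address that is not their real one, an external sender domain, a Reply-To that differs from From, and urgent wording combined with a payment request. The organization domain, the executive list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed organization details (illustrative, not from the original page).
ORG_DOMAIN = "example.org"
# Executive display names (lower-case) mapped to their genuine addresses.
EXECUTIVES = {"jane doe": "jane.doe@example.org"}

URGENCY = re.compile(r"\b(urgent(?:ly)?|immediately|right away|asap|today)\b", re.I)
PAYMENT = re.compile(r"\b(wire transfer|wire|payment|invoice|gift cards?|purchase)\b", re.I)


def _body_text(msg):
    """Return the plain-text body of a parsed message (all text/plain parts)."""
    if msg.is_multipart():
        parts = [p.get_payload(decode=True) or b""
                 for p in msg.walk() if p.get_content_type() == "text/plain"]
        return "\n".join(p.decode("utf-8", "replace") for p in parts)
    return (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")


def bec_indicators(raw_message):
    """Return a list of BEC warning signs found in a raw RFC 822 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1]
    findings = []

    # 1. Display name of a known executive, but not sent from their real address
    #    (the "boss emailing from a personal account" case).
    genuine = EXECUTIVES.get(name.strip().lower())
    if genuine and addr != genuine:
        findings.append(f"display name '{name}' matches an executive, but sender is {addr}")

    # 2. Sender is outside the organization.
    if domain != ORG_DOMAIN:
        findings.append(f"external sender domain {domain}")

    # 3. Replies are silently redirected to a different mailbox.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        findings.append(f"Reply-To {reply_to.lower()} differs from From {addr}")

    # 4. Urgent language combined with a payment or purchase request.
    text = msg.get("Subject", "") + "\n" + _body_text(msg)
    if URGENCY.search(text) and PAYMENT.search(text):
        findings.append("urgent wording combined with a payment/purchase request")

    return findings


def is_likely_bec(raw_message, threshold=2):
    """Treat a message as a probable BEC attempt once enough indicators coincide."""
    return len(bec_indicators(raw_message)) >= threshold


# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: Jane Doe <jane.doe.ceo@gmail.com>
Reply-To: jdoe.ceo@outlook.com
To: bob@example.org
Subject: Quick favor

Bob, I'm traveling today and can't take calls. I need a wire transfer sent
immediately to a new vendor account. Let me know right away.
"""

LEGITIMATE = """\
From: Jane Doe <jane.doe@example.org>
To: bob@example.org
Subject: Lunch

Are you free at noon?
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(label, is_likely_bec(raw), bec_indicators(raw))
```

The constructed suspicious message trips all four checks, while the internal lunch invitation trips none. A single indicator is not proof: a genuine vendor invoice is external and talks about payment, so in practice the threshold and the keyword lists need tuning against real mail, and any flagged request should still be verified with the sender over a channel other than email.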
If you believe you may have been victimized by a BEC, contact the RIT Service Center at 585-475-5000 or help.rit.edu to open an incident report ticket.
Correcting Outlook Autofill
After you reply to a BEC attempt, the fraudulent address is cached in Outlook and may be autofilled the next time you try to send to the legitimate sender.
If you have replied to a BEC attempt, here is how to correct the problem with Outlook autofill.
You receive a seemingly harmless email. Your boss is asking for some help. They usually don't email you from their personal account, but this seems pretty urgent and you know they are out of the office today. To be helpful you respond right away, simply saying you can help.
Thankfully, after some time you realize this was too fishy and report the BEC attempt to firstname.lastname@example.org. Done, right? No. The fake address will still appear at the top of your autofill suggestions.
Here is how to make sure the next email you send to your boss doesn't go to the attacker: delete the fake address from your autofill options.
In the Outlook Web App, start addressing a new message so the suggestion list appears, highlight the fake address, and press the Delete key on your keyboard.