Business Email Compromise
BEC is a type of phishing scam in which the attacker impersonates or compromises an executive's e-mail account to get employees within the same organization to initiate wire transfer payments. The attack relies heavily on spear-phishing and social engineering, and it often targets individuals who handle purchasing or other financial responsibilities for a department.
Attack Lifecycle of a BEC Attempt
- BEC scams often start with a phishing email intended to obtain unauthorized access to a targeted employee’s account.
- The attacker may exchange a series of emails with the targeted employee in order to build a trusted relationship. Even though these emails do not normally contain links or attachments, they still pose a risk by connecting the attacker to internal resources.
- Scammers can pretend to be trusted vendors or employees inquiring about payments or sensitive data.
- The scammers will email employees from embedded contact lists or even call them, earning their trust.
- When the targeted employee is out of reach, such as away on business, the cyber thief may send a fake email that appears to come from that person's office, demanding that a payment be made to the trusted vendor's account.
- With no way to verify if the email is authentic, the employee may make a hasty decision to approve the payment. Of course, the payment goes to the scammer and not the trusted vendor.
How do I know this is a BEC attempt?
- The e-mail requests the recipient to immediately initiate a wire transfer or unexpected purchase
- The sender address is a slight variation of a legitimate e-mail address, such as firstname.lastname@example.org vs. email@example.com
- The attacker will often pose as an executive level employee and target those in financial departments
- Wire transfer requests may coincide with actual executive travel dates, making the request less unusual
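The indicators above can be checked mechanically before a message ever reaches a mailbox. The script below is an added example, not part of this page or of RIT's mail filtering; the trusted domain, the executive names and the sample messages are constructed assumptions. It flags three of the listed signs: a sender domain that is a small edit away from the organization's own domain, an executive's display name arriving from an outside address, and urgent wire-transfer language.

```python
import re

# Constructed assumptions for the example: the organization's real domain
# and the names of executives who are commonly impersonated.
TRUSTED_DOMAINS = {"example.org"}
EXECUTIVES = {"jane doe", "john smith"}
URGENCY = re.compile(
    r"\b(immediately|urgent|asap|wire transfer|right away|before (?:end of day|eod))\b",
    re.IGNORECASE,
)


def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_domain(domain):
    """True if the domain is close to, but not exactly, a trusted domain
    (e.g. a swapped letter or 'rn' standing in for 'm')."""
    d = domain.lower()
    if d in TRUSTED_DOMAINS:
        return False
    return any(edit_distance(d, t) <= 2 for t in TRUSTED_DOMAINS)


def bec_indicators(display_name, sender, subject, body):
    """Return the BEC warning signs from the list above that a message exhibits."""
    flags = []
    _local, _sep, domain = sender.lower().rpartition("@")
    if lookalike_domain(domain):
        flags.append("lookalike sender domain")
    if display_name.lower() in EXECUTIVES and domain not in TRUSTED_DOMAINS:
        flags.append("executive name on external address")
    if URGENCY.search(subject + " " + body):
        flags.append("urgent payment request")
    return flags


if __name__ == "__main__":
    # Constructed sample: an executive's name on a look-alike domain asking
    # for an immediate wire transfer while "traveling".
    print(bec_indicators("Jane Doe", "jane.doe@exarnple.org",
                         "Wire transfer needed", "Please process immediately, I am traveling."))
```

A message that trips any of these flags is a candidate for quarantine or for the out-of-band verification step recommended below, not proof of fraud on its own.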
What is RIT doing to protect me?
- Rejecting e-mail from known spammers and malicious websites
- Verifying that e-mail actually comes from the mail server it claims to come from
- Implementing traditional anti-virus/anti-spam protection
- Quarantining suspicious messages sent via e-mail
- Restricting the ability of others to send from RIT email addresses belonging to high profile individuals
What can I do to protect myself?
- Verify all unexpected requests by calling or meeting with the person face-to-face
- Carefully check the sender address and the context/tone of the e-mail
- Report spam/phishing e-mails to firstname.lastname@example.org
- If you believe you may have been victimized by a Business Email Compromise, contact the ITS Service Desk (585-475-4357).
For More Information
- FBI: https://www.fbi.gov/news/stories/business-e-mail-compromise-on-the-rise
- TrendMicro: https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec)
- BEC Video: PhishLine video about Business Email Compromise