Business Email Compromise (BEC)

Business Email Compromise

BEC is a type of phishing scam where the attacker impersonates or compromises an executive e-mail account to initiate wire transfer payments from employees within the same organization. The attack relies heavily on spear-phishing and social engineering techniques, often targeting individuals that conduct purchasing or other financial responsibilities for a department.

 

Attack Lifecycle of a BEC Attempt

  • BEC scams often start with a phishing email intended to obtain unauthorized access to a targeted employee’s account.
  • The attacker may exchange a series of emails with the targeted employee in order to build a trusted relationship. Even though these emails do not normally contain links or attachments, they still pose a risk by connecting the attacker to internal resources.
  • Scammers can pretend to be trusted vendors or employees inquiring about payments or sensitive data.
  • The scammers will email employees from embedded contact lists or even call them, earning their trust.
  • When the targeted employee is out of reach, such as away on business, the cyber thief could send a fake email from his or her office, demanding that a payment be made to the trusted vendor’s account.
  • With no way to verify if the email is authentic, the employee may make a hasty decision to approve the payment. Of course, the payment goes to the scammer and not the trusted vendor.

 

How do I know this is a BEC attempt?

  • The e-mail requests the recipient to immediately initiate a wire transfer or unexpected purchase
  • The sender address is a slight variation of a legitimate e-mail address, such as john.kelly@company.com vs. john.kelley@company.com
  • The attacker will often pose as an executive level employee and target those in financial departments
  • Wire transfer requests may coincide with actual executive travel dates, making the request less unusual

 

What is RIT doing to protect me?

  • Rejecting e-mail from known spammers and malicious websites
  • Ensuring email is coming from the server it claims to be from
  • Implementing traditional anti-virus/anti-spam protection
  • Quarantining suspicious messages sent via e-mail
  • Restricting the ability of others to send from RIT email addresses belonging to high profile individuals

 

What can I do to protect myself?

  • Verify all unexpected requests by calling or meeting with the person face-to-face
  • Carefully check the sender address and the context/tone of the e-mail
  • Report spam/phishing e-mails to spam@rit.edu
  • If you believe you may have been victimized by a Business Email Compromise, contact the ITS Service Desk. (585-475-4357)

 

For More Information