What is Business Email Compromise (BEC)?
BEC meaning and definition
BEC stands for business email compromise. This type of security concern occurs when a threat agent gains unauthorized access to a company's email account or impersonates a trusted individual to execute fraudulent activities, such as acquiring sensitive information or transferring funds. The attacker often uses social engineering tactics to achieve their goals.
According to the 2021 IC3 report, "BEC is responsible for $2.4 billion in adjusted losses in 2021, and a 556% increase since 2016."
BEC is expected to continue growing given the increase in remote workers, openly available generative AI tools, and the multitude of business-related accounts organizations have. These affordances increase the potential attack paths for threat actors. Thus, keeping email accounts secure is becoming increasingly challenging.
What is a BEC attack?
Business Email Compromise (BEC) is a type of cyber-attack in which an attacker impersonates a trusted individual, such as a senior executive or a vendor, to trick an organization or individual into divulging sensitive information or transferring funds. This attack vector has become increasingly prevalent in recent years, resulting in significant financial losses for businesses of all sizes.
In a typical BEC attack, the attacker conducts extensive research to learn about their target organization, including its key personnel, vendors, and business processes. They will then use this information to craft convincing emails that appear to come from a trusted source, often with a sense of urgency or importance, in order to prompt the recipient to take immediate action.
Now, with advancements in generative AI technology, BEC is becoming more common. Threat actors can generate believable textual messages and impersonate individuals, increasing their likelihood of tricking victims.
Types of BEC attacks
To understand the various methods cybercriminals use to exploit businesses through email, let's explore some common business email compromise examples:
CEO Fraud
CEO fraud occurs when attackers impersonate a CEO to trick other members of an organization into revealing sensitive information.
Data Theft
Threat actors attempt to obtain valuable personal information about an individual at a company. They could then use this information to launch future attacks.
Email Account Takeover
This attack occurs when a threat actor gains control of an employee's email account and uses those legitimate credentials to request valuable information from others within the organization.
Lawyer/Attorney Fraud
Posing as the organization's lawyer, a threat actor contacts lower-ranking employees in an attempt to retrieve sensitive information.
Account Compromise
In an account compromise BEC attack, attackers gain access to an organization's email account through phishing or malware. They then send fraudulent invoice requests, altering payment details to redirect funds to their own accounts. For example, they might use a finance employee's email to send fake invoices, directing payments to a deceptive bank account.
What are some identifiers of a BEC attack?
Spotting a BEC attempt involves being aware of specific characteristics often found in these fraudulent emails. BEC emails typically include a sense of urgency, employing words like "quick," "urgent," or "important" to prompt swift action. They often impersonate authoritative figures such as CEOs or CFOs, using tactics like mimicking the person’s writing style or spoofing their email address with minor modifications to trick recipients.
Attackers provide detailed instructions to create an illusion of legitimacy. If they request a fund transfer, they will specify an exact amount and provide a reason for the request to enhance its credibility. Additionally, BEC emails may instruct recipients not to contact the sender or verify the request with others to avoid detection. By being vigilant about these red flags, recipients can better protect themselves from falling victim to BEC attacks.
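The red flags above (urgency wording, an authority figure's name on a lookalike or mismatched address, a precise payment request, and instructions not to verify) can be turned into a simple triage heuristic. The following scorer is an added example written for this page; it is not Darktrace code and not a production detector. The trusted domain, the executive directory, the sample messages and the alert threshold are all constructed assumptions.

```python
"""Heuristic BEC red-flag scorer (added example; assumptions are labelled)."""
import re
from dataclasses import dataclass
from email.utils import parseaddr

# Constructed reference data: the organization's own domain and a
# display-name -> mailbox directory for executives who get impersonated.
TRUSTED_DOMAINS = {"example.com"}
EXECUTIVES = {"jane doe": "jane.doe@example.com"}

URGENCY = re.compile(r"\b(quick|quickly|urgent|urgently|immediately|important|asap)\b", re.I)
NO_VERIFY = re.compile(r"\b(do not|don't|dont) (call|contact|verify|discuss|tell|mention)\b", re.I)
TRANSFER = re.compile(r"\b(wire|transfer|payment|invoice|bank details?)\b", re.I)
AMOUNT = re.compile(r"[$€£]\s?\d[\d,]*(\.\d{2})?|\b\d[\d,]*(\.\d{2})?\s?(usd|eur|gbp)\b", re.I)


@dataclass
class Verdict:
    score: int
    flags: list


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch 'examp1e.com'-style lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_domain(domain: str):
    """Return the trusted domain this sender domain imitates, or None."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        # Small edit distance covers typo-squats; substring covers
        # 'example.com.attacker.test' and 'notexample.com' style abuse.
        if edit_distance(domain, trusted) <= 2 or trusted in domain:
            return trusted
    return None


def score_message(from_header: str, reply_to, subject: str, body: str) -> Verdict:
    """Count the BEC red flags present in one message's headers and text."""
    flags = []
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""

    imitated = lookalike_domain(domain)
    if imitated:
        flags.append(f"sender domain {domain!r} resembles trusted {imitated!r}")

    exec_addr = EXECUTIVES.get(name.strip().lower())
    if exec_addr and addr.lower() != exec_addr:
        flags.append(f"display name of an executive but address is {addr!r}")

    if reply_to:
        _, reply_addr = parseaddr(reply_to)
        if reply_addr and reply_addr.lower() != addr.lower():
            flags.append("Reply-To differs from From")

    text = f"{subject}\n{body}"
    if URGENCY.search(text):
        flags.append("urgency language")
    if NO_VERIFY.search(text):
        flags.append("discourages verification")
    if TRANSFER.search(text):
        flags.append("payment or transfer request")
        if AMOUNT.search(text):
            flags.append("specific amount given")
    return Verdict(score=len(flags), flags=flags)


def is_suspicious(verdict: Verdict, threshold: int = 3) -> bool:
    """Alert threshold is an arbitrary assumption; tune it on real traffic."""
    return verdict.score >= threshold


# Constructed sample messages, not real mail.
SUSPICIOUS = dict(
    from_header='"Jane Doe" <jane.doe@examp1e.com>',
    reply_to="ceo.office@gmail.example",
    subject="Quick request - urgent",
    body=("Please wire $24,750.00 to the vendor today for the acquisition deposit. "
          "I am in meetings all day, do not call me, just confirm by email once done."),
)
BENIGN = dict(
    from_header='"Jane Doe" <jane.doe@example.com>',
    reply_to=None,
    subject="Q3 planning notes",
    body="Attached are the notes from yesterday's planning session. Let me know if anything is missing.",
)

if __name__ == "__main__":
    for label, msg in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        v = score_message(**msg)
        print(label, v.score, is_suspicious(v), v.flags)
```

Each flag on its own is weak (legitimate mail is often urgent, and finance teams really do send invoices), which is why the scorer counts co-occurring signals rather than blocking on any one of them; header checks such as the Reply-To mismatch are the cheapest to evaluate and the hardest for an impersonator to avoid when they want replies routed to a mailbox they control.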
Learn how modern threat actors use AI to turbo-charge their BEC attacks in the white paper "Beyond the Inbox: A Guide to Preventing Business Email Compromise."
Business Email Compromise (BEC) vs Email Account Compromise (EAC)
In both cases, threat actors seek to disrupt or damage systems in order to carry out malicious activity. However, a business email compromise involves impersonating an important figure in an organization to trick an employee. This is considered a social engineering tactic.
Email Account Compromise (EAC), on the other hand, is the act of stealing legitimate login credentials. Phishing or social engineering is sometimes used to obtain them, but EAC is not in itself a social engineering tactic the way BEC is. Instead, EAC is defined by gaining access through legitimate login credentials.
Email Security Vendors: Darktrace's Approach to Email Security
Darktrace has developed a fundamentally different approach to email security, one that doesn’t learn what’s dangerous from historical data but forms an in-depth understanding of each organization and its users.
Darktrace / EMAIL focuses on individuals - how each person uses their inbox and what constitutes “normal” for each user - in order to detect what’s not normal. Our AI technology builds profiles for every email user, including their relationships, tone and sentiment, content and link sharing patterns, and thousands of other signals.
Because Darktrace understands the human behind email communications rather than relying on knowledge of past attacks, it can stop the most sophisticated and evolving email security risks, including generative AI attacks, BEC, account takeover, supply chain attacks, data loss, and ransomware.
To learn more about Darktrace / EMAIL read our Solution Brief.