BEC Attacks: How Email Account Compromise Works

Business email compromise (BEC) is a form of phishing attack in which a cyber attacker impersonates a high-level executive (often the CEO) and then attempts to get an unsuspecting employee, customer, or vendor to transfer funds or confidential information. According to an article published by InfoSec Institute, BEC attacks are “sometimes called whaling or man-in-the-email, are a way of tricking employees into handing over large amounts of money.”

These attacks are a form of social engineering, and humans are the weakest point of security. Because of this, BEC emails often land directly in employee inboxes.

BEC attacks are on the rise and now target a great number of businesses.

In many cases, a cyber attacker hacks an employee’s email account, or even uses a spoofed email to request a new password for the employee’s account, which is then sent to a malicious channel (e.g., the hacker’s email). In this scenario, the employee is then alerted that there was a problem with a certain payment and that it must be resent to a different account.

One of the most recent cases of account compromise occurred with Lazio, a popular Italian football team. As the editor from The Comeback recently wrote, “Lazio apparently paid out that final $2.5M to the wrong bank account, after being convinced to switch account numbers by an email scammer.”

Account compromise can be executed by the cyber attacker through two different mechanisms:

  • Email account compromise
  • Email spoofing

What Is Email Account Compromise?

For email compromise to work, the cyber attacker often uses social engineering to coax victims into installing malware or keyloggers on their workstations or wireless devices. This is an effort to harvest the login credentials as (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Pedro Tavares. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/PEkxT8pMaw4/