
What is Business Email Compromise (BEC) aka CEO Fraud?


More than 30,700 organizations were targeted in the first quarter of 2020 with Business Email Compromise attacks. 


Business Email Compromise (BEC) 


Maybe you’ve heard the term CEO Fraud. This is a scam in which cybercriminals pretend to be the CEO or another senior executive of your organization and email staff members to trick them into doing something they should not do, such as sending money or sensitive data. 


These types of attacks are extremely effective because cybercriminals do their research. They search your organization’s website for information, such as where it is located, who your executives are, and other organizations you work with.


The cybercriminals then learn everything they can about your coworkers on sites like LinkedIn, Facebook, or Twitter. Once they know your organization’s structure, they begin to research and target specific employees. If the cybercriminals want money, they may target staff in the accounts payable department. If they are looking for tax information, they may target human resources. If they want access to database servers, they could target someone in IT. 


The FBI calls this type of scam "Business Email Compromise" and defines BEC as “a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.” 


AARP reported that BEC attacks targeted more than 30,700 organizations in the first quarter of 2020, according to security company Symantec.




Video: CEO Byron Martin discussing Business Email Compromise and Wire Fraud


Attack Methods for Business Email Compromise (BEC) or CEO Fraud


Once the attackers determine what they want and whom they will target, they begin crafting their Business Email Compromise attack. These are the methods they use: 


1. Phishing

Phishing emails are sent to a large number of users at once in an attempt to “fish” for sensitive information while posing as a reputable source. The goal is to trick users into doing something such as opening an infected attachment or visiting a malicious website.


These posers use legitimate-looking logos from banks, credit card providers, delivery firms, law enforcement, and the IRS to name a few of the common ones.


2. Spear Phishing

Spear phishing is similar to phishing; however, instead of sending a generic email to millions of people, the attacker sends a custom email to a very small, select group of people. These spear-phishing emails look extremely realistic and are hard to detect. They often appear to come from someone you know or work with, such as a fellow employee or perhaps even your boss.


The emails may use the same jargon your coworkers use; they may carry your organization’s logo or even the official signature of an executive. These emails often create a tremendous sense of urgency, demanding that you take immediate action and tell no one. The cybercriminal’s goal is to rush you into making a mistake.


3. Whaling

The targets are top-level executives and administrators, typically with the aim of getting a fraudulent wire transfer approved or stealing confidential data. Personalization and detailed knowledge of the executive and the business are the trademarks of this cyber fraud.


4. Social Engineering

Social Engineering is the use of psychological manipulation to trick people into revealing confidential information or providing access to finances. Here again, attackers mine social media sites such as LinkedIn and Facebook for details about organizational personnel, including contact information, titles, connections, friends, and more.



Image: CEO Fraud (courtesy of KnowBe4)


Attack Scenarios for Business Email Compromise


Wire Transfer:

Most often, the cybercriminal is after money. Attackers typically target businesses that process many wire transfers. They either use social engineering to persuade staff to send money to an attacker-controlled account, or use malware to gain access to the computers of financial decision-makers and initiate the transfers themselves.


In another variant, the cybercriminal learns who works in accounts payable, registers a lookalike domain impersonating the company, and sends an email posing as the target’s boss: there is an emergency, and money must be transferred right away to a specified account.


Another scenario involves taking over an employee’s email account, usually in the billing or finance department, and sending invoices to the company’s suppliers and customers with the bank details changed so that payments are redirected to a bogus account.



Tax Fraud and Identity Theft:

Cybercriminals also want to steal information about your employees so they can file fraudulent tax returns and commit other forms of identity theft. They research your organization and determine who handles employee information, usually someone in human resources. From there, the cybercriminals send fake emails pretending to be a senior executive or someone from legal, demanding that certain documents be provided immediately.


According to the June 10, 2020 AARP report:


“The bogus executive emails someone in the payroll or human resources office seeking a list of employees and copies of their W-2 forms. That potentially puts a wealth of workers’ personal and financial information — Social Security numbers, home addresses, wages, and tax withholding — into scammers’ hands, setting the stage for large-scale tax ID fraud and other forms of identity theft.”


We’ve seen these scenarios increase dramatically with the recent COVID-19 pandemic. The FBI “has seen a spike in fraudulent unemployment insurance claims complaints related to the ongoing COVID-19 pandemic involving the use of stolen personally identifiable information (PII).”



So what can you do to protect yourself and your organization?


If you receive a message from your boss or a colleague and it does not sound or feel right, it may be an attack. Clues include an unusual sense of urgency or secrecy, a signature that does not look right, a Reply-To address that differs from the sender, or a lookalike or spoofed email domain. Before acting on any request to move money or send employee data, verify it out of band: call the requester on a phone number you already have on file, never one supplied in the email, and never confirm by simply replying to the message.
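One way to automate the domain and header checks described above and in the wire-transfer scenarios earlier on this page, as an added example that is not part of the original post: the script below parses a raw email, normalizes the sender domain (Punycode and Unicode confusables included), compares it against the organization's real domain by edit distance and by the usual subdomain and hyphen tricks, and flags a Reply-To that points elsewhere, an executive's display name on an untrusted address, and pressure language. The trusted domain example.com, the executive name Jane Doe, and the two sample messages are assumptions constructed for this example.

```python
# Added example (not from the original post): flag common BEC tells in raw email.
# Assumed values: example.com as the real domain, "Jane Doe" as an executive name,
# and the two sample messages at the bottom, which are constructed for this example.
import email
import email.utils
import unicodedata

TRUSTED_DOMAINS = {"example.com"}   # assumption: the organization's legitimate domain
EXECUTIVE_NAMES = {"jane doe"}      # assumption: display names attackers would borrow
URGENCY_WORDS = ("urgent", "immediately", "right away", "wire",
                 "confidential", "do not tell", "w-2")


def normalize_domain(domain):
    """Lower-case, strip a trailing dot, decode Punycode, and NFKC-fold a domain."""
    domain = domain.strip().rstrip(".").lower()
    try:
        domain = domain.encode("ascii").decode("idna")  # xn--... -> Unicode labels
    except (UnicodeError, ValueError):
        pass  # already Unicode, or not valid IDNA; compare it as given
    return unicodedata.normalize("NFKC", domain)


def levenshtein(a, b):
    """Edit distance; typosquats usually sit within one or two edits of the real name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, trusted=TRUSTED_DOMAINS):
    """True when the domain is not trusted but is close enough to fool a reader."""
    d = normalize_domain(domain)
    if d in trusted:
        return False
    for t in trusted:
        if levenshtein(d, t) <= 2:      # examp1e.com, exmaple.com, Cyrillic-a example.com
            return True
        if d.startswith(t + "."):       # example.com.evil.net
            return True
        if t.replace(".", "-") in d:    # example-com.net, mail-example-com.net
            return True
    return False


def body_text(msg):
    """Concatenate the text/plain parts, decoding any transfer encoding."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def assess_message(raw_message):
    """Return the list of BEC warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    from_name, from_addr = email.utils.parseaddr(msg.get("From", ""))
    _, reply_addr = email.utils.parseaddr(msg.get("Reply-To", ""))
    from_dom = from_addr.rpartition("@")[2]
    reply_dom = reply_addr.rpartition("@")[2]
    findings = []
    if from_dom and is_lookalike(from_dom):
        findings.append(f"lookalike sender domain: {from_dom}")
    # Display-name spoofing: an executive's name on a free-mail or unrelated address.
    if (from_name.strip().lower() in EXECUTIVE_NAMES
            and normalize_domain(from_dom) not in TRUSTED_DOMAINS):
        findings.append(f"executive name on untrusted address: {from_name} <{from_addr}>")
    # Reply-To elsewhere: the victim's reply goes to the attacker, not the sender.
    if reply_dom and normalize_domain(reply_dom) != normalize_domain(from_dom):
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Pressure language: weak on its own, strong alongside the header findings.
    text = (msg.get("Subject", "") + "\n" + body_text(msg)).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        findings.append("urgency/secrecy language: " + ", ".join(hits))
    return findings


# Constructed sample messages for this example (not real mail).
SUSPICIOUS = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: Jane Doe <ceo.janedoe@mail-example-com.net>
Subject: Urgent wire needed today

I'm in a meeting and can't talk. Please wire $48,500 to the vendor account
below right away and keep this confidential until I'm back.
"""

LEGITIMATE = """\
From: Jane Doe <jane.doe@example.com>
Subject: Q3 budget review

Attached is the agenda for Thursday's budget review.
"""

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(label, assess_message(sample) or ["no findings"])
```

Checks like these belong in a mail-flow rule or a triage script, not in place of SPF, DKIM and DMARC enforcement; they catch the lookalike and display-name cases that pass authentication because the attacker owns the domain they send from. The urgency keywords are deliberately a low-confidence signal: on their own they will fire on plenty of legitimate finance mail, so treat them as a reason to verify out of band rather than as proof of fraud.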





Teknologize is a SOC 2 certified, Professional Technology Services company with clients throughout the Pacific Northwest. We have offices located in:

  • Tri-Cities, Washington 509.396.6640
  • Yakima, Washington 509.396.6640
  • Bend, Oregon 541.848.6072

Questions about your IT or Cybersecurity? Give us a call today!

