Business Email Compromise Examples

Consumer privacy breaches often occur as.

Business email compromise examples. The cybercriminal either hacks into or spoofs the email of the organization ceo. Business email compromise was the number one source of financial loss due to internet related crime in 2019 and by some margin. Example bec scams types tend to be variations on a theme.

Imposter emails targeting businesses today are far more sophisticated than traditional phishing emails or the nigerian prince emails of yesteryear. Many businesses live and breathe within the email inbox and threat actors know it. Examples include invoice scams and spear phishing spoof attacks which are designed to gather data for other criminal activities.

This type of bec crime focuses on close surveillance mimicry deception and trust. The links and email addresses included in these messages are from real life examples do not attempt to explore them. A cyber criminal can send an email on behalf of a ceo to the cfo of the same organization.

Matt lundy is assistant general counsel at microsoft responsible for leading efforts to prevent these crimes. Three common types include. Business email compromise bec is a type of phishing scheme where the cyber attacker impersonates a high level executive cio ceo cfo etc and attempts to get an employee or customer to transfer money and or sensitive data.

These new business email compromise bec attacks use imposter emails that reflect a deep understanding of people s roles and messaging patterns within a target organization. When an organization suspects business email compromise we quickly respond by doing whatever necessary to revoke access investigate and pinpoint any and all activity during the compromise. What are the types of business email compromise.

The email will be an urgent and confidential request to transfer a large sum of money to a certain bank account in order to finance a secret. An example of business email compromise. Business email compromise attacks are a form of cyber crime which use email fraud to attack commercial government and non profit organizations to achieve a specific outcome which negatively impacts the target organization.