CybersecurityBusiness email compromise

What are the 4 Steps of a BEC Attack?

  • Step 1: Identify a target. A criminal organization will gather an email list of executives involved with finance. Then, the scammers will study readily available information on contacts such as company news and social media activities. Also, if they can infiltrate employees’ inboxes with spyware, the scammers will take note of any vendors, billing systems, out-of-office schedules, and the executive’s writing style.
  • Step 2: Grooming. The criminal will send an impersonated executive email to a finance employee requesting an immediate wire transfer. The criminal will use the executive’s authority to pressure the employee to act quickly.
  • Step 3: Exchange of information. The targeted employee will send money to a fraudulent account believing it belongs to a trusted partner.
  • Step 4: Wire transfer. A domestic mule will wipe out the account quickly and then carry the funds to the scammers. In the meantime, the target employee will realize a scammer tricked them, and that the money is gone.

The Internet Crime Center (IC3) sorts BEC attacks into five categories

  • Bogus Invoice Schemes: The criminals will pretend to be suppliers requesting fund transfers. They will request the employee to redirect the transaction payment to an account they own.
  • CEO Fraud: The criminals will either use a spoofed email address or hack into an executive’s email account and then send a message to a finance employee.
  • Account Compromise: A hacker compromises an executive’s email account. Then, the hacker uses the account to request invoice payments from customers.
  • Attorney Impersonation: The criminals will pretend to be a lawyer and ask a client to transfer funds, usually to settle a legal dispute or pay an overdue bill.
  • Data and W-2 Theft: The criminals will target finance employees so they can steal personally identifiable information or tax statements of staff members.

How can you protect against BEC attacks?

BEC attacks are tougher to detect since it relies more on manipulating people and less on hacking into machines. Your business can defend against BEC attacks holistically with a combination of tough security measures and ongoing staff education. Here are some tips:

  • Keep your device operating systems and applications up to date.
  • Scan with anti-virus and anti-malware software weekly.
  • Use multi-factor authentication methods for email accounts. For example, if you use Office 365, you can have a code sent to your phone after you enter your login information.
  • Lock your computers, tablets, and smartphone screens with a password or PIN.
  • Follow up on unexpected email requests for wiring funds, account number changes, and sending over confidential information. If you receive a request by email, follow up the contact with a phone call or in-person visit.
  • Watch out for sloppy details in emails including misspellings, poor grammar, changes in writing style, odd-looking email addresses, and pixelated logos.
  • Color code email communications so emails from employees/internal accounts are one color and emails from non-employee/external accounts are another.
  • Create a company policy instructing employees to verify changes in pending transactions and bank deposit information. Also, consider requiring two parties to sign off on payment transfers.
  • Conduct regular security training including online tutorial sessions and phishing email simulations.
  • Limit the information you share on social media. Criminals can use this content to personalize phishing emails.
  • Contact us at or 877-794-3811 if you experience a breach. Also, contact the bank to see if they can reverse any wire transfer charges. Finally, file a complaint with the FBI’s Internet Crime Complaint Center (IC3) at
  • If you would like extra protection for your IT systems, you can ask us about our subscription-based cloud service called Security as a Service. It includes email security, web security, enterprise anti-virus/anti-malware protection, ransomware protection, intrusion prevention, and security monitoring. You can check out this page here for more details.

If you have any questions regarding defending against BEC attacks, you may contact us at 877-794-3811 or

SOURCES Business E-Mail Compromise. (2017, February 27). Retrieved from:
Trend Micro USA. Business Email Compromise (BEC). Retrieved from:
Harnedy, R. What is a Business Email Compromise (BEC) Attack? And How Can I Stop It? (2016, September). Retrieved from:
Tripwire. Business Email Compromise: The Secret Billion Dollar Threat. (2018, February 27). Retrieved from:
InfoSec Institute. 5 Real-World Examples of Business Email Compromise. (2018, April 12). Retrieved from:
Goodchild, J. How to Recognize a Business Email Compromise Attack. (2018, June 20). Retrieved from: