Intel471-Logo-white.png

Business Email Compromise (BEC)

đź“–Definition

A scam that relies heavily on social engineering tactics to trick unsuspecting employees and executives into executing fraudulent wire transfer payments, mainly through corporate email.

Business Email Compromise (BEC) is a scam that relies heavily on social engineering tactics to trick unsuspecting employees and executives into executing fraudulent wire transfer payments.

This is a type of cybercrime where criminals gain access to an organization's network and steal sensitive information such as their customers’ credit card numbers, Social Security numbers, company bank account details or other confidential information. This is becoming increasingly common due to the rise of phishing scams. Phishing scams are emails sent out by scammers pretending to be legitimate businesses. The goal of these emails is to trick people into giving away their personal information.

If you receive an email claiming to be from a company you've done business with before, it could be a scam. Some tips for identifying a potential BEC scam email include:

  • An email purporting to be from a legitimate organization but containing misspelled words or grammatical errors.
  • A request for money made under false pretenses.
  • Emails requesting payment instructions or providing a link to download malicious files.
  • Requests for confidential documents or private information.
  • Unusual links within the body of the email.
  • Phishing attempts that ask recipients to click on attachments or visit specific web pages.

    • If you think a BEC scam might have targeted you, here are some steps you can take to protect yourself.

  • When receiving any suspicious or unusual communication, the first thing you should do is to remember not to click on links in the email. Instead, copy down all website addresses, phone numbers, and other contact info for later investigation. This will help ensure your identity isn't stolen if something goes wrong.
  • Next, check the sender's address against public records like those available through Google Maps. You may find they belong to someone else entirely. Also, look up the domain name: does it match what you remember? Did anyone ever send you similar messages using this same domain name?
  • Finally, avoid giving out sensitive data or information over email. For example, avoid sending passwords via text message or instant messaging apps. And never provide financial data without verifying its legitimacy.

    • While most businesses have some form of a cybersecurity program in place, criminals continue to evolve. As technology advances, so do the tools hackers use to steal valuable company secrets and customer identities. If you receive any of these kinds of emails, delete them immediately. If you think a BEC scheme has targeted you, contact your in-house security operations staff or law enforcement officials right away.