Overview
Business Email Compromise (BEC) is a fraud in which an attacker gains access to a corporate email account and, posing as an executive, employee or supplier, tricks others into making unauthorized payments or disclosing sensitive data.
Common Scenarios
- The Bogus Invoice Scheme: Impersonating a supplier to request payment to a new bank account.
- CEO Fraud: Impersonating the CEO to request an urgent wire transfer.
- Account Compromise: Using a compromised employee account to send fraudulent emails to colleagues or clients.
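The three scenarios above leave observable traces in the message itself: an executive's display name on mail from outside the company, a sender domain one character away from a trusted one, a Reply-To that routes answers elsewhere, urgent payment language, and a request to pay into a new account. The following Python script is an added example, not code from the original page; it scores an inbound message against those indicators. The internal domain, the supplier domain, the executive name, the indicator weights and the three sample messages are all constructed for illustration, and the lookalike check is a one-edit heuristic a real deployment would tune to its own mail.

```python
"""Score an inbound email for the BEC indicators described above (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed configuration: the organisation's own domain, domains of known
# suppliers, and display names of executives likely to be impersonated.
INTERNAL_DOMAIN = "example.com"
TRUSTED_DOMAINS = {INTERNAL_DOMAIN, "supplier-example.com"}
EXECUTIVE_NAMES = {"jane doe"}

# Phrase lists are matched against the lower-cased subject and body.
URGENCY = [r"\burgent(ly)?\b", r"\bimmediately\b", r"\bright away\b",
           r"\bbefore (end|close) of (day|business)\b"]
PAYMENT = [r"\bwire\b", r"\bwire transfer\b", r"\bpayment\b", r"\binvoice\b"]
BANK_CHANGE = [r"\bnew bank\b", r"\bchanged? (our )?bank\b",
               r"\bupdated? (bank|banking|account) (details|information)\b"]


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used for the lookalike-domain check (examp1e.com vs example.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _body_text(msg) -> str:
    """Plain-text body; multipart messages contribute every text/plain part."""
    if msg.is_multipart():
        parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
                 if p.get_content_type() == "text/plain"]
        return b"\n".join(parts).decode("utf-8", "replace")
    return (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")


def _matches(patterns, text: str) -> bool:
    return any(re.search(p, text) for p in patterns)


def score_message(raw: str) -> dict:
    """Return a score and the indicators that fired. Weights are arbitrary starting points."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_dom = _domain(from_addr)
    text = (msg.get("Subject", "") + "\n" + _body_text(msg)).lower()
    score, hits = 0, []

    # CEO fraud: an executive's display name on a message from outside the company.
    if display.strip().lower() in EXECUTIVE_NAMES and from_dom != INTERNAL_DOMAIN:
        score += 3
        hits.append("executive_name_external_sender")
    # Bogus invoice: sender domain one edit away from a trusted domain, but not equal to it.
    if from_dom not in TRUSTED_DOMAINS and any(levenshtein(from_dom, d) <= 1 for d in TRUSTED_DOMAINS):
        score += 3
        hits.append("lookalike_domain")
    # Replies quietly routed to a different domain than the one shown in From.
    if reply_to and _domain(reply_to) != from_dom:
        score += 2
        hits.append("reply_to_mismatch")
    # Urgent payment language.
    if _matches(URGENCY, text) and _matches(PAYMENT, text):
        score += 2
        hits.append("urgent_payment_request")
    # Request to pay into a new or changed account.
    if _matches(BANK_CHANGE, text):
        score += 2
        hits.append("bank_detail_change")
    return {"score": score, "indicators": hits}


# Constructed sample messages, one per scenario plus a benign control.
CEO_FRAUD = """\
From: Jane Doe <jane.doe.ceo@webmail-example.net>
To: accounts@example.com
Subject: Urgent wire transfer

I need you to process a wire transfer of 48,000 USD immediately. I will send the details shortly.
"""

BOGUS_INVOICE = """\
From: Accounts Receivable <billing@supp1ier-example.com>
Reply-To: billing@mail-supplier-example.net
To: ap@example.com
Subject: Invoice 1043 - updated bank details

We have changed our bank. Please pay invoice 1043 to the new bank account below.
"""

BENIGN = """\
From: Jane Doe <jane.doe@example.com>
To: team@example.com
Subject: Team lunch on Friday

Please reply with your dietary preferences by Thursday.
"""

if __name__ == "__main__":
    for name, raw in [("CEO fraud", CEO_FRAUD), ("Bogus invoice", BOGUS_INVOICE), ("Benign", BENIGN)]:
        print(name, score_message(raw))
```

The score is meant to route a message to a reviewer or to a stricter approval path, not to block it outright: the account-compromise scenario sends mail from a genuine internal address, so the header checks stay silent and only the content indicators fire. That is why the content and header checks are scored together rather than treated as independent gates.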
Prevention
- Multi-Factor Authentication (MFA) for all email accounts.
- Secondary verification of every wire transfer request through a separate channel (e.g., a phone call).
- Employee training on recognizing BEC tactics.
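The secondary-verification control is only as strong as the channel it uses: a callback to a number supplied in the suspicious email verifies nothing. The following Python module is an added example and not part of the original page; it models an approval gate in which the callback number and the payout account come from the vendor master record, a verified change of bank details is written back to that record, and a wire is released only after a recorded confirmation. The vendor record, request fields and policy constants are constructed for illustration.

```python
"""Out-of-band verification gate for wire requests (added example, constructed data)."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed vendor master data. The callback number and the account on file
# come from this record, never from the email that made the request.
VENDOR_MASTER = {
    "V-1001": {"phone_on_file": "+44 20 7946 0000", "account_on_file": "GB00EXAMPLE0000001"},
}


@dataclass
class WireRequest:
    request_id: str
    vendor_id: str
    amount: float
    target_account: str                              # account named in the email (untrusted)
    callback_number_in_email: Optional[str] = None   # number the sender offered (untrusted)
    verified_via: Optional[str] = None               # set only by record_callback()


def risk_flags(req: WireRequest) -> List[str]:
    """Indicators the approver should see before picking up the phone."""
    vendor = VENDOR_MASTER[req.vendor_id]
    flags = []
    if req.target_account != vendor["account_on_file"]:
        flags.append("account_differs_from_master")
    if req.callback_number_in_email and req.callback_number_in_email != vendor["phone_on_file"]:
        flags.append("callback_number_differs_from_master")
    return flags


def record_callback(req: WireRequest, number_dialed: str, vendor_confirmed: bool) -> bool:
    """Record the secondary check. Only a call to the number on file counts as verification."""
    vendor = VENDOR_MASTER[req.vendor_id]
    if number_dialed != vendor["phone_on_file"]:
        return False   # a number taken from the request itself proves nothing
    if not vendor_confirmed:
        return False   # vendor denies the request: treat as suspected fraud, do not pay
    req.verified_via = "phone:" + number_dialed
    return True


def approve(req: WireRequest) -> str:
    """Release the payment only after a recorded out-of-band confirmation.
    Policy (from the page): every wire transfer request needs secondary verification."""
    if req.verified_via is None:
        return "REJECTED: no out-of-band verification recorded for " + req.request_id
    vendor = VENDOR_MASTER[req.vendor_id]
    if req.target_account != vendor["account_on_file"]:
        # A verified change of bank details is applied to the master record as part of
        # approval, so later requests are compared against the confirmed account.
        vendor["account_on_file"] = req.target_account
    return "APPROVED"


if __name__ == "__main__":
    # Constructed request: new account and a callback number that both differ from the record.
    req = WireRequest("R-1", "V-1001", 48000.0, "GB99EXAMPLE0000009", "+44 7700 900000")
    print(risk_flags(req))
    print(approve(req))                                        # rejected: nothing verified yet
    print(record_callback(req, "+44 7700 900000", True))       # False: number came from the email
    print(record_callback(req, "+44 20 7946 0000", True))      # True: number on file, vendor confirms
    print(approve(req))                                        # APPROVED
```

The point of the design is that the request carries no authority of its own: every fact that decides the outcome (whom to call, which account is current) is read from data the attacker could not have influenced by sending an email.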