BEC typically targets a single individual, usually someone who has influence within the organization or directly manages the budget. A successful attack relies on the targeted individual engaging with a seemingly legitimate email from an internal supervisor or colleague, or an external partner or vendor, and either clicking a link or providing login credentials to the perpetrator.
Although it comes in many forms, some common examples of business email compromise include:
Gift card fraud: In this attack, the hacker asks an employee to purchase gift cards for staff or customers. Often, the hacker will ask for secrecy and direct the employee to send screenshots of the back of the gift cards, rather than the actual gift cards.
CEO fraud: One of the most expensive forms of business email compromise, this attack involves CEO or executive impersonation. Again, the hacker will ask for secrecy and urge the employee to take some kind of action, usually financially. In many cases, the hacker will ask the employee to wire a large sum of money.
Vendor compromise: In this attack, a hacker compromises a vendor’s account and then uses that account to phish or spear phish the vendor’s customers. This is a popular scheme that allows hackers to receive a quick payout from victims who believe they are paying vendor invoices.
Tax fraud: In this scheme, a hacker typically impersonates an employee and reaches out to a member of an HR team, requesting a copy of a W2 or other income statement form.
About Vade
Vade’s spear phishing prevention technology uses artificial intelligence, including Anomaly Detection and Natural Language Processing, to identify impersonation attempts and malicious patterns in spear phishing emails.