Business Email Compromise (BEC) is a devious and sophisticated scam that targets businesses and individuals in order to defraud them. This immoral activity is commonly carried out by threat actors who compromise legitimate business email accounts through social engineering or computer intrusion techniques. The objective of these threat actors is to conduct unauthorised funds transfers to accounts under their control.
BEC attacks have increased rapidly over the years and are evolving beyond simple email account compromise rooted in social engineering tactics. According to the Microsoft Digital Defence Report, a staggering 156,000 BEC attempts were detected daily between April 2022 and April 2023 [1]. These attacks are becoming more sophisticated and harder to detect.
Common BEC Attack Activity
Financial Fraud
Microsoft experts have observed that attackers create domain impersonations to trick users into thinking they are engaging with legitimate third parties for financial transactions. Attackers compromise the third party and respond through the same email thread to request money transfers. It is challenging to detect these attacks as they usually originate from genuine third-party email addresses.
Lateral Movement Through Internal Phishing
Many threat actors launch internal phishing campaigns after compromising identities with AiTM (Adversary-in-the-Middle) phishing. Microsoft experts have observed large-scale internal phishing campaigns that targeted over 8,000 recipients. These emails are sent internally from legitimate senders, which increases the likelihood that users will open them and be fooled by the fraud.
Mass Spam Mailing Activity
This attack focuses on disrupting users through a 'Denial-of-Service' strategy. Attackers subscribe the victim's email address to multiple lists, forums, message boards, and newsletters. The victim then receives an overwhelming number of emails, sometimes exceeding 1000 per minute. When this happens, the victim is often distracted, frustrated, and unable to notice legitimate warning or authentication messages in their flooded inbox.
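The inbox-flooding pattern described above can be picked up from mail-flow logs with a per-recipient sliding window, and the same pass can surface the trusted-sender messages (bank alerts, verification codes) buried in the flood. The following is an added example written for this article, not code from Microsoft or the report; the log line format, the sample lines, the demo threshold of 20 messages per minute and the sender addresses are all constructed assumptions.

```python
from collections import deque
from datetime import datetime

# Constructed sample message-trace lines ("<ISO time> <sender> -> <recipient>"):
# 40 newsletter confirmations hit alice within 40 seconds, with one bank alert
# buried in the middle; bob's two messages are normal traffic.
SAMPLE_LOG = (
    [f"2023-06-01T09:00:{s:02d} list{s}@newsletters.example -> alice@corp.example"
     for s in range(40)]
    + ["2023-06-01T09:00:20 alerts@bank.example -> alice@corp.example",
       "2023-06-01T09:00:05 hr@corp.example -> bob@corp.example",
       "2023-06-01T09:00:45 payroll@corp.example -> bob@corp.example"]
)

def parse_line(line):
    ts, sender, _, recipient = line.split()
    return datetime.fromisoformat(ts), sender.lower(), recipient.lower()

def detect_floods(lines, threshold, window_seconds=60, trusted_senders=()):
    """Sliding-window inbound message count per recipient.

    Returns {recipient: alert} for every recipient who received more than
    `threshold` messages inside any `window_seconds` span. Each alert also
    lists messages from trusted senders that arrived during the flood, since
    those are the warnings or verification codes the victim is likely to miss.
    """
    trusted = {s.lower() for s in trusted_senders}
    windows, alerts = {}, {}  # recipient -> deque[(ts, sender)] inside the window
    for ts, sender, rcpt in sorted(map(parse_line, lines)):
        q = windows.setdefault(rcpt, deque())
        q.append((ts, sender))
        while (ts - q[0][0]).total_seconds() >= window_seconds:
            q.popleft()  # drop messages that fell out of the window
        if len(q) <= threshold:
            continue
        alert = alerts.setdefault(
            rcpt, {"flood_start": q[0][0], "peak_rate": 0, "trusted_in_flood": []})
        alert["peak_rate"] = max(alert["peak_rate"], len(q))
        for t, s in q:
            if s in trusted and (t, s) not in alert["trusted_in_flood"]:
                alert["trusted_in_flood"].append((t, s))
    return alerts

if __name__ == "__main__":
    found = detect_floods(SAMPLE_LOG, 20, trusted_senders=["alerts@bank.example"])
    for rcpt, a in found.items():
        print(f"{rcpt}: peak {a['peak_rate']} msgs/min from {a['flood_start']:%H:%M:%S}; "
              f"trusted messages buried in flood: {[s for _, s in a['trusted_in_flood']]}")
```

In production the threshold would sit far higher than the demo value, and the trusted-sender list would come from the organisation's own allowlist of banks, identity providers and payment platforms.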
How BEC is Evolving
BEC attacks are evolving, along with the skills of the threat actors. As cloud services continue to advance through innovative breakthroughs, threat actors are adapting their social engineering techniques and use of technology to carry out more sophisticated and costly BEC attacks. The success of these attacks is due to the growing targeting of cloud-based infrastructure, exploitation of trusted business relationships, and development of more specialised skills by the threat actors.
Increasing intelligence sharing across the public and private sectors will improve our collective ability to identify these attacks and enable a faster and more impactful response against the threat actors behind these attacks.
Other Types of BEC Attacks
Direct Email Compromise (DEC) – Compromised email accounts are used to socially engineer in-house or third-party accounting roles to wire funds to the attacker’s bank account or change payment information for an existing account.
Vendor Email Compromise (VEC) – Social engineering of an existing supplier relationship by hijacking a payment-related email and impersonating company employees to convince a supplier to redirect outstanding payment to an illicit bank account.
False Invoice Scam – A mass social engineering scam that exploits well-known business brands to convince companies to pay fake invoices.
Stop BEC Attacks with XDR
Microsoft Defender allows you to automatically disrupt advanced attacks like ransomware and BEC campaigns. It uses high-confidence eXtended Detection and Response (XDR) signals across endpoints, identities, email, and SaaS apps to stop attack progression and limit the impact on organisations.
Business Email Compromise attacks are common and ever evolving. To keep your organisation safe, it is crucial to follow a strict plan to keep attackers at bay. Need help strengthening your infrastructure? Contact us at [email protected] to discuss options and find out how we can support you to leave cyberthreats in the past.
Content originated from the Microsoft Digital Defence Report
[1] Microsoft Digital Defence Report 2023