Thu | Jul 8, 2021 | 4:15 AM PDT

What is Business Email Compromise (BEC) and how does it work?

We talked to a lead BEC investigator at the United States Secret Service for an explanation of this type of cybercrime.

How do you define Business Email Compromise?

Stephen Dougherty, a financial fraud investigator at the Global Investigative Operations Center of the U.S. Secret Service, spoke at SecureWorld's most recent event, our Gov-Ed virtual conference.

Dougherty discusses what BEC is, as well as why it can be easy to fall for:

"BEC is a cyber enabled financial fraud attack, where criminal actors get into email accounts. They get information that I call contemporaneous and privileged, meaning only you know what it is, and only the person you think you're working with would have that information. Therefore, you believe you're having a trusted conversation. They take that contemporaneous and privileged information and weaponize it to get you to send a wire transfer via an invoice or real estate transaction, payroll, you name it. They pretty much target every industry. And once they have that, they send those instructions and it looks legitimate to you. You wire your funds out and boom, they're gone."

How do Business Email Compromise attacks work?

Now that we have defined what BEC is, Dougherty explains more on how these attacks get started.

"We're going to walk through an actual 50,000-foot overview of a BEC.

First, you have your regular email correspondence and your daily company business. In that correspondence, there's good information about financial transactions going to go down. [Threat] actors are sitting in your email account and they'll intercept that information regarding a financial transaction.

Then, once they do that, they'll figure out a way to weaponize it. In this case, they create a spoofed email that looks like the client you're working with that money is owed to.

So then, they will set up that spoof email, act like your client, use the information that they've stolen, and then send instructions to you—to get you to send a wire transfer. 

So you set it up, it looks legitimate, and then bing, bang, boom, business done, you wire out the money. And you think you're all good, but funds actually went to a fraudster's account."
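The spoofing step described above can be screened for on the receiving side. The following is an added example, not code from the article or the Secret Service: it holds a message for call-back verification when it asks for payment and the sender domain is a near-match of a known counterparty or the Reply-To points elsewhere. The domain list, payment terms, similarity threshold, and sample messages are constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumptions (constructed): domains you really pay, and a similarity threshold.
KNOWN_DOMAINS = ("acme-supplies.example", "titleco.example")
PAYMENT_TERMS = ("wire", "bank details", "routing number", "account number")

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def lookalike_of(domain, threshold=0.85):
    """Known domain that `domain` closely resembles without matching it, else None."""
    if not domain or domain in KNOWN_DOMAINS:
        return None
    for known in KNOWN_DOMAINS:
        if SequenceMatcher(None, domain, known).ratio() >= threshold:
            return known
    return None

def sender_anomalies(msg):
    """Reasons the sender identity looks off."""
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    found = []
    imitated = lookalike_of(from_dom)
    if imitated:
        found.append(f"From domain {from_dom} resembles {imitated}")
    if reply_dom and reply_dom != from_dom:
        found.append(f"Reply-To domain {reply_dom} differs from {from_dom}")
    return found

def should_hold(raw):
    """True when a message asks for payment AND its sender identity looks off."""
    msg = message_from_string(raw)
    body = msg.get_payload().lower()  # sample messages are single-part text
    asks_payment = any(term in body for term in PAYMENT_TERMS)
    return asks_payment and bool(sender_anomalies(msg))

# Constructed sample messages (not from the article).
SPOOFED = ("From: Acme Billing <billing@acme-suppl1es.example>\n"
           "Subject: Updated invoice 1042\n\n"
           "Please wire payment to our new account number below.\n")
LEGIT = ("From: Acme Billing <billing@acme-supplies.example>\n"
         "Subject: Invoice 1042\n\n"
         "Invoice attached. Wire details are unchanged.\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, "hold for call-back verification:", should_hold(raw))
```

A check like this only covers look-alike senders; instructions sent from a genuinely compromised mailbox pass it, so payment changes still need confirmation through a previously known phone number.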

Who do Business Email Compromise attacks target?

BEC attacks have a wide range of targets, unfortunately. Dougherty discusses the challenges of this:

"One thing I really want to stress when it comes to business email compromise is that everyone is at risk. This is not a problem that just affects corporations or just affects government. It affects everybody. It hits your largest global corporations, all the way down to your individuals.

Individuals are hit a lot with BEC. When it comes time to buy a house, you got the real estate transaction, or you've inherited something, these are generally unpracticed financial transactions. Many people only do a real estate transaction once or twice in their life. So for them, it was [something] different. And so they don't know any better. They don't have the muscle memory to make sure that transaction is going the way it's supposed to."

Why does the Secret Service investigate BEC attacks?

A lot of times when you think of the Secret Service, you think about how they are protecting our political leaders, not really everything else the agency does.

Dougherty describes the dual mission of the Secret Service: yes, it protects people, but it also has a very robust investigative side with a major goal of protecting the U.S. economy and financial infrastructure.

BEC attacks can be a huge drain on that and can be a serious threat for a few reasons. Dougherty says BEC can cause the following:

  • decreased corporate profitability
  • loss of tax revenue for the U.S. government
  • job losses, direct and indirect
  • small businesses and medium-sized businesses (SMBs) lose a lot of their operating capital
  • life-impacting loss to an individual, their homes, or savings

To learn more about BEC attacks and other cybersecurity topics, don't miss our upcoming SecureWorld Remote Sessions webcasts that cover current and relevant topics.