Business Email Compromise Fraud

Business Email Compromise (BEC) scams are a specific type of crime that rely on social engineering tools (like phishing) for tricking targeted employees / staff into believing and acting in a certain way.

False Invoice Scam: The phisher pretends to be a legitimate vendor requesting payment for services performed for the company but changes the bank account information to an account controlled by them.

CEO Fraud: The attacker sends an email, supposedly from the CEO / Senior Management instructing the recipient to take some business action.

Account Compromise: This attack takes advantage of a compromised email account within an organization. With this access, the attacker requests invoice payments from customers while changing the payment details to those of the attacker.

Employee Data Theft: This type of attack targets HR and Finance personnel and attempts to steal sensitive information about an organization’s employees.

Here are a few suggested fraud prevention tips and best practices: