November 28, 2018

Cybercriminal Profits Soar from Business Email Compromise (BEC) Scams

by: Katie Sloane

Earlier this year, the FBI reported that $12 billion in losses were caused by Email Account Compromise (EAC) and Business Email Compromise (BEC) since 2013. As barriers to entry for BEC diminish and new methods to monetize this type of fraud emerge, these losses are expected to rise.

The following article covers the latest BEC attack approaches and provides actionable security tips to help you mitigate business risks.

BEC Attack Techniques 

We've discussed social engineering and ransomware in depth, but today we're uncovering an unprecedented attack vector that's growing across criminal forums.

Conventional methods for performing a BEC scam, including, but not limited to, email spoofing and social engineering, have proved effective and lucrative for cybercriminals for some time. However, we're witnessing new techniques emerging that enable threat actors to breach business email accounts faster and more efficiently.

Adversaries are leveraging email inboxes not only to request wire transfers but to steal sensitive financial information stored in accounts or request that information from other personnel.

Frequently, account credentials and sensitive data are sold across marketplaces and criminal forums, exposed through various means, including:

  • Unauthenticated or misconfigured file-sharing services
  • Third-party compromises
  • Paying for access or outsourcing to cyber criminals for a fee
  • Previously compromised credentials reused for several accounts

Risk Mitigation Tips

So, what can your company do to help mitigate the risks of BEC fraud? We've outlined six security measures: 

  • Invest in security awareness training and ensure it covers BEC scams.
  • Integrate cybersecurity education into your onboarding process for new hires and conduct security training company-wide.
  • Work with a Cybersecurity Advisory Services firm that specializes in cybersecurity risk management to assess your risk profile and determine sound solutions for your business.
  • Use unique, strong passwords and limit access for email archives to prevent public exposure.
  • Use multi-factor authentication.
  • Monitor for compromised credentials.

For more information about how your business can improve its approach to cybersecurity risk management and help prevent Business Email Compromise (BEC) scams, contact a cybersecurity specialist at Align.
