What is Business Email Compromise (BEC)?

By George Rouse

In 2020, Business Email Compromise (BEC) attacks were reported almost 20,000 times across the United States. This meant that these particular attacks occurred four times more often than ransomware attacks.

This is particularly concerning when you factor in that the rate of ransomware attacks has increased considerably in the past few years.

No matter where you work in terms of sector or location, you need to know what a BEC scam is. We've written this article to outline exactly how to identify a BEC attack ahead of time.

We'll also go into some business email compromise examples, and what to do if you feel you're a victim of BEC fraud.

What is a Business Email Compromise (BEC) Attack?

A BEC - business email compromise - attack is a particular kind of phishing approach adopted by cybercriminals today. But it's different from some of the common types of email spoofing most employees have come to expect. BEC attacks differ because they also incorporate impersonation, as well as corporate hierarchies. For example, a BEC attack will impersonate the CFO or the CEO of an organization in order to trick employees to provide financial information, or ask them to transfer money or buy gift cards urgently. Impersonating an authority person adds a sense of importance and reduces the doubt, therefore increasing the chances that the victim will take action.

The main difference between BECs and other types of phishing emails is the fact that these are specifically targeted attacks. These attacks aren't sent out en masse. Instead, they're only ever sent out to certain key individuals and in many cases are sent in a specific context.

BEC attacks sometimes attempt to convince these individuals to transfer large sums of money to dubious locations. Or, they can be used to try and trick the victim into giving away sensitive information.

In certain cases, BECs are also used to send attachments that, when opened, infect devices with malware. This information can later be used to hold a company at ransom. Or it could be sold or used to engage in an even more significant attack later down the line.


Who Is Usually Targeted by a BEC Attack?

As mentioned above, BEC attacks are highly-targeted cybercrimes. As a general rule, BECs will normally target people with one of, or several of, the following attributes:

  • Owners of a company, or significant individuals like board members and executive staff members.
  • Employees with access to sensitive company information.
  • Employees who have the authority to process payments.
  • Employees with access to company passwords or other company details.

This isn't an exhaustive rule, but most BEC attacks will target people who possess the above attributes in their position. The target doesn't have to be someone that can process payments. However, the BEC attacks will typically impersonate someone with authority or a vendor/partner in order to drive action.

Now you know what exactly a BEC is, and how it differs from other phishing, let's outline what you can do to protect yourself.

Protecting Against BEC Emails: Learn Hacker Behaviors

The first thing you can do to protect yourself against BECs is to educate yourself on some common hacker behaviors. As a managed service provider you can be a prime target as access to your service delivery systems are an increasingly appealing target for hackers. We've written a comprehensive list of 20 different behaviors that have been evidenced by many hackers in the past few years.

By learning how cybercriminals operate, you'll start to understand the techniques that they usually adopt. This can then help you to identify, protect and respond to threats that face both your own business and your end users that you're supporting.

Another significant form of protection is making yourself a harder target.

What Does a Typical BEC Email Look Like?

As BEC emails are hyper-targeted attacks, their contents will differ depending on the target. There are however a few traits that appear across many different BECs.

If an email is asking you to break protocol or procedure to make a payment, you should always question it. This is why it's important to establish internal payment procedures.

If you've received a strange email from someone in your company or from a vendor or partner, make sure to check the email address carefully. It may be that someone has faked this account and is using it to send you a BEC.

You can also set up additional authentication measures to prevent employees from being able to send money without approval.

Finally, always question an email if it's trying to force you into acting urgently, or abnormally. Urgent requests, more often than not, are designed to trick you into acting without thinking.

This is the preferred psychological approach of most phishing emails, including BEC emails. If you second guess anything urgent, you can stop yourself before engaging with what could be BEC fraud.

How to Protect against BEC attacks?

Although learning about BEC and other attacks is a great way to reduce your risk, as a managed service provider (MSP) you need to also think about ways to protect your end users.

Education is a starting point but will not catch everything. Datto SaaS Defense is an Advanced Threat Protection (ATP) security solution specifically designed to protect users from incoming security threats such as ransomware, malware, phishing, Business Email Compromise (BEC), and spam.


If you're looking to keep your clients secure, you should consider adding automated protection procedures to prevent BEC attacks as part of a multi-layered security approach.

Find out more, about Datto SaaS Defense and advanced threat protection solutions

Technical Review: Datto SaaS Defense for Advanced Threat Protection

This ESG Technical Review documents the detailed evaluation of the Datto SaaS Defense Advanced Threat Protection (ATP) solution.

View the Resource

Suggested Next Reads
Powered by Translations.com GlobalLink OneLink Software