
CEO Fraud - What is a BEC scam?

Jun 19, 2019

Cyber-criminals are like every businessman: they want maximum profit for minimum investment. One trend among hackers that serves this goal is Business Email Compromise (BEC), also known as “CEO Fraud”. This type of CEO scam is very profitable, since it only needs to succeed a few times to be highly cost-effective for the criminals.

Instead of spending hours sending phishing emails to numerous random email addresses (which makes them more easily identifiable as spam, and less successful), cyber-criminals nowadays do their research before launching an attack. They select the business on which to launch a BEC attack, then use social engineering to find out who the CEO and CFO are (ensuring they have their exact names), and decide who their victim will be within the business. They will usually select someone in the finance department who manages money, or a senior staff member, a company director, a trusted vendor, etc. The cyber-criminals then send a fraudulent email, impersonating the CEO or CFO, and try to trick their victim into initiating one or more bank transfers.
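
A defender-side view of the impersonation described above, as an added example that is not part of the original post: it flags inbound mail whose display name matches an executive while the sender's domain is outside the organisation, and holds the message when payment wording is also present. The organisation domain, executive names, keyword list and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions (not from the article): domain, names, keyword list.
ORG_DOMAINS = {"example.com"}
EXECUTIVES = {"jane doe", "john smith"}          # exact CEO/CFO names
PAYMENT_TERMS = re.compile(r"\b(bank transfer|wire|payment|invoice)\b", re.I)

def normalise(name):
    """Lower-case and drop punctuation so 'JANE  DOE.' still matches."""
    return " ".join(re.sub(r"[^a-z ]", " ", name.lower()).split())

def bec_signals(raw):
    """Return the list of BEC indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signals = []
    # Executive's name in the display field, but the mail comes from outside.
    if normalise(display) in EXECUTIVES and domain not in ORG_DOMAINS:
        signals.append("executive-name-external-sender")
    body = "" if msg.is_multipart() else msg.get_payload()
    if PAYMENT_TERMS.search(f"{msg.get('Subject', '')} {body}"):
        signals.append("payment-request-wording")
    return signals

def should_hold(raw):
    """Hold for out-of-band verification only when both indicators fire."""
    return len(bec_signals(raw)) == 2

# Constructed sample messages.
SPOOFED = ("From: JANE DOE <jane.doe@mail-example.test>\n"
           "To: finance@example.com\nSubject: Urgent request\n\n"
           "Please initiate a bank transfer today.\n")
INTERNAL = ("From: Jane Doe <jane.doe@example.com>\n"
            "To: finance@example.com\nSubject: Invoice review\n\n"
            "The vendor invoice is attached for approval.\n")
VENDOR = ("From: Sam Lee <sam.lee@vendor.test>\n"
          "To: finance@example.com\nSubject: Meeting notes\n\n"
          "Notes from the call are attached.\n")

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("internal", INTERNAL), ("vendor", VENDOR)]:
        print(label, bec_signals(raw), "HOLD" if should_hold(raw) else "deliver")
```

The check only covers display-name impersonation from an external domain; a message sent from a genuinely compromised internal mailbox would pass it and needs a separate payment-verification procedure.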

A successful BEC attack results in intrusion into the victim’s business systems, unrestricted access to the victim’s employee credentials, and substantial or massive financial loss for the company.
