How to Identify a Business Email Compromise Scam
Business Email Compromise (BEC) schemes are notorious for their simplicity and high return rates, making them a favored method among cybercriminals. These scams have been consistently exploited, causing significant financial losses for businesses worldwide. According to an FBI report released in May 2016, victims of BEC scams lost a staggering $3 billion. As we continue to navigate 2024, BEC remains a significant threat, with an increase in more sophisticated and targeted scams.
Understanding CEO Fraud: A Common BEC Scheme
One prevalent type of BEC scam is CEO fraud, where cybercriminals either spoof or hack into the email of a high-ranking executive within an organization. The goal? To initiate a fraudulent fund transfer to the scammer’s account. While CEO fraud may not be technically advanced, it’s critical for organizations to bolster their defenses by learning to recognize the warning signs of such schemes. Here’s what to look out for:
Key Indicators of a Business Email Compromise Scam
- Spoofed Sender Domain: CEO fraudsters often register domains that closely resemble the target’s. For example, if the legitimate email is [email protected], a scammer might use [email protected] or [email protected]. These subtle changes can easily go unnoticed.
- Urgent Email Subjects Requesting Immediate Fund Transfers: BEC scams typically feature subject lines that convey urgency, particularly regarding payments or fund transfers. Common examples include:
  - Payment – Important
  - Payment Notice
  - Process Payment
  - Quick Request
  - Fund Payment Reminder
  - Wire Transfer Request
  - Bank Transfer Enquiry
- Impersonation of High-Ranking Officials: Cybercriminals executing CEO fraud usually pose as someone influential within the organization. These emails often appear to come from individuals such as the Founder, President, COO, or CEO.
- Urgency in the Email Body: The content of these fraudulent emails typically stresses the need for an urgent fund transfer, often to an account that differs from the usual. BEC scammers use social engineering tactics to craft convincing messages that encourage recipients to act swiftly without verification.
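The four indicators above can be turned into a simple inbound-mail triage check. The following is an added example, not code from the original post; the legitimate domain, the executive-title list, the sample message and the look-alike threshold are constructed assumptions:

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed assumptions: our own domain and the executive titles that
# CEO-fraud senders impersonate, as described in the post.
LEGIT_DOMAIN = "example.com"
EXEC_TITLES = {"ceo", "coo", "president", "founder"}
URGENT_SUBJECTS = [  # the subject lines listed in the post, lower-cased
    "payment - important", "payment notice", "process payment", "quick request",
    "fund payment reminder", "wire transfer request", "bank transfer enquiry",
]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_indicators(raw: str) -> list[str]:
    """Return the BEC red flags found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    subject = re.sub(r"[\u2013\u2014]", "-", msg.get("Subject", "").lower())
    flags = []
    # 1. Look-alike sender domain: close to ours (1-2 edits away), but not ours.
    if domain != LEGIT_DOMAIN and edit_distance(domain, LEGIT_DOMAIN) <= 2:
        flags.append(f"lookalike domain: {domain}")
    # 2. Urgent payment / transfer wording in the subject line.
    if any(s in subject for s in URGENT_SUBJECTS):
        flags.append(f"urgent payment subject: {subject}")
    # 3. Display name carrying an executive title while the address is external.
    if domain != LEGIT_DOMAIN and EXEC_TITLES & set(re.findall(r"[a-z]+", display.lower())):
        flags.append(f"executive impersonation in display name: {display}")
    # 4. Body pressing for a transfer to an account other than the usual one.
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    if re.search(r"\b(urgent|immediately|asap)\b", text) and re.search(r"(new|different) (bank )?account", text):
        flags.append("urgent transfer to a different account")
    return flags

# Constructed sample message for the reader to run against.
SAMPLE = ('From: "Jane Doe, CEO" <jane.doe@examp1e.com>\nTo: accounts@example.com\n'
          'Subject: Wire Transfer Request\nContent-Type: text/plain; charset="utf-8"\n\n'
          'Please process this urgent wire to the new account below before 5pm.\n')
```

Running `bec_indicators(SAMPLE)` reports all four indicators for the constructed message; a routine internal mail from the legitimate domain yields an empty list.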
Business Email Compromise Safety Tips
Despite these red flags, BEC emails are often difficult to detect as perpetrators go to great lengths to make them appear authentic. They may spoof email domains to closely mimic those of the target organization or legitimate companies. They also utilize social engineering and other information-gathering techniques to understand the organization’s operations better.
Here are some additional tips to protect your organization from BEC scams:
- Always Verify: Always confirm details with the involved parties, especially for messages involving fund transfers. Since some BEC schemes involve hacked accounts, it’s essential to have verification protocols that extend beyond email, such as phone calls, text messages, or chat applications.
- Use the Forward Feature: Instead of clicking “Reply,” use the “Forward” option and manually enter the email address or select it from your contacts. This step ensures you’re not responding to a spoofed address.
- Implement Mail Security Solutions: BEC emails often do not contain malicious attachments, making them harder to detect. Consider deploying email security solutions that go beyond identifying dangerous attachments, incorporating social engineering correlations and context-aware detection methods.
While manual detection of BEC emails can be challenging, robust email security solutions are a crucial defense against these ever-evolving scams. By staying vigilant and employing these strategies, you can significantly reduce the risk of falling victim to a BEC attack. Contact us at PivIT Strategy to learn more about BEC emails and how to protect yourself.