Business Email Compromise (BEC) is a type of scam that targets corporate companies that pay bills via wire transfers. BEC scammers targeting employees of corporate companies mostly impersonate the company’s CEO or senior executives. These scammers use social engineering techniques to trick employees into sending funds directly to the scammers.
Types of BEC Scams
According to the FBI, there are five types of BEC scams:
Examples of BEC scams
Example 1 - BEC scam targeting employees’ paycheck
In January 2019, BEC scammers targeted employees paycheck. These scammers sent spoof emails to the HR department impersonating the employees and requesting the HR to change their direct deposit information and divert monthly salary paycheck to a fake account controlled by the scammers.
Example 2 - BEC scammers exploiting a Gmail feature
In February 2019, Business Email Compromise (BEC) scammers were exploiting a Gmail feature ‘Dot accounts’ to perform various fraudulent activities such as filing for fake tax returns, filing for fake unemployment benefits, and more.
Gmail's ‘Dot accounts’ is a feature of Gmail addresses that ignores dot characters inside Gmail usernames, regardless of their placement. Scammers were taking advantage of this feature and creating multiple email accounts to perform various fraudulent activities.
For example, scammers leveraged this feature to trick Netflix account owners into adding card details to scammers’ accounts.
BEC scammers switching to mobile
Recently researchers noted that scammers are adopting SMS as a communication platform for BEC attacks as mobile devices are easier to facilitate attacks. For which, these scammers are using temporary US-based phone numbers and are utilizing services such as Google Voice to perform multiple attacks from the same US number.
How to stay protected?