From the course: The Cybersecurity Threat Landscape

Explore the threat of business email compromise

Business email compromise, or BEC for short, is a cyber crime that can cost organizations a lot of money if they become victims. In this video, I'll cover what BEC attacks are and why they can be so dangerous.

BEC attacks usually start with criminals hacking into email accounts and using them to pretend to be someone they're not. The criminals will then use the hacked email accounts to impersonate C-level executives, finance teams, or even suppliers. Their goal is to trick employees into making large payments or changing the payment process to send funds to a scammer's bank account.

The most common way the email accounts are hacked is through a phishing attack. Since the BEC criminals are going after specific email accounts, this is considered spear phishing. I cover phishing in another video in this course. So, BEC attackers typically combine phishing, social engineering, and financial fraud to pull off these scams. And it's likely they'll soon add another technology to the mix: deepfake audio, generated by artificial intelligence to make the request even more convincing to the victim. I cover deepfakes in another video in this course.

BEC criminals will sometimes try to use spoofed emails, where the email header is forged to look like it's coming from somewhere it's not, or they'll use lookalike domains to try to make their email look legitimate. While these methods of faking email senders might be easier than hacking into an email account, they aren't as effective at tricking the victims.

Variations of BEC attacks include:

- The false invoice scam: tricking the finance team into sending a vendor invoice payment to a fraudulent account.
- Payroll diversion: tricking HR into changing the direct deposit banking information for an employee to send salary payments to a fraudulent account.
- CEO fraud: tricking the finance team into sending an emergency wire transfer for the CEO, which goes to a fraudulent account.
- The gift card scam: tricking the victim into buying gift cards for staff or clients, then sending the serial numbers of the cards to the attacker.
- Home buyer fraud: tricking home buyers into transferring funds to a fraudulent account.

While BEC may not be the most common cybersecurity threat, it is easily the most costly type of cyber crime. According to the FBI, losses in the US alone to BEC scams in 2021 were nearly $2.4 billion. That's up more than 30% from the year before, showing that BEC attacks are effective and increasing. And those losses are just in the US, and just from the cases that are reported. The worldwide losses are much higher.

The huge payoffs, ease of execution, and low risks of BEC attacks are attracting criminals all around the world. Because it's so attractive to attackers, we can expect business email compromise to be a big part of the cybersecurity threat landscape well into the future.
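The transcript mentions forged email headers and lookalike domains as ways BEC senders are faked. The following is an added example, not part of the course material, of how a mail filter could flag both in an inbound message. The trusted-domain list, the finding labels, and the sample messages are constructed assumptions, and the DMARC check assumes the receiving gateway adds an `Authentication-Results` header.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your organization actually exchanges payment mail with.
TRUSTED_DOMAINS = ("example.com", "example.net")
DIGIT_SWAPS = str.maketrans("0135", "oles")  # common visual substitutions

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def fold(domain):
    """Collapse look-alike characters so 'examp1e.com' folds to 'example.com'."""
    return domain.translate(DIGIT_SWAPS).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None."""
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if fold(domain) == fold(trusted) or edit_distance(domain, trusted) == 1:
            return trusted
    return None

def bec_indicators(raw_message):
    """List sender-forgery indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    if lookalike_of(from_dom):
        findings.append(f"lookalike-from:{from_dom}->{lookalike_of(from_dom)}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-differs:{reply_dom}")
    # Assumption: the receiving gateway stamps Authentication-Results (RFC 8601).
    if "dmarc=fail" in (msg["Authentication-Results"] or "").lower():
        findings.append("dmarc-fail")
    return findings

# Constructed sample messages (not taken from any real incident).
LOOKALIKE = "From: CEO <ceo@examp1e.com>\nSubject: Urgent wire\n\nPlease pay today."
SPOOFED = ("From: CFO <cfo@example.com>\nReply-To: cfo@example.org\n"
           "Authentication-Results: mx.example.com; dmarc=fail\n\nNew bank details.")
CLEAN = ("From: AP <ap@example.net>\n"
         "Authentication-Results: mx.example.com; dmarc=pass\n\nInvoice attached.")
```

None of these checks catches mail sent from a genuinely compromised account, which is why payment-change requests still need verification through a separate channel.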
