Business Email Compromise – the Neglected Cybersecurity Threat

BEC is now causing massive financial losses

By Jelle Wieringa, Security Awareness Advocate at KnowBe4

The FBI describes business email compromise (BEC), also called CEO fraud, as a sophisticated scam targeting companies that work with foreign suppliers and/or regularly make wire transfer payments. The scam is carried out by compromising legitimate business email accounts, through social engineering or computer intrusion techniques, in order to conduct unauthorized transfers of funds.

The problem is that BEC is now causing massive financial losses and more damage per incident than any other type of cybercrime. According to a recent report by GreatHorn, fake email accounts or websites are the most common form of BEC attack: 71 percent of companies said they had experienced such an attack in the past year. And according to the FBI's 2020 Internet Crime Report, BEC is responsible for losses 64 times higher than ransomware; the FBI puts companies' losses to BEC fraud last year at around $1.8 billion.

One example of the scale of such attacks is the case at Bank of America, which was the target of a BEC scheme in which a total of five companies were defrauded of more than $1.1 million. The attacker opened several bank accounts under names that appeared to belong to legitimate companies. Although ransomware dominates the headlines, it is BEC that companies need to worry about, and they must train their employees, especially executives, to be aware of its significant threat potential.

Another, albeit less drastic, case occurred in Leipzig at the beginning of September, where a young man received an email at his company address from an unknown person posing as the managing director of his company. In it he was asked to contact the sender via a messaging app at a mobile number included in the email and to buy Google Play, iTunes, Steam and Apple gift cards. The victim followed the instructions and sent the codes of the purchased vouchers to the unknown sender. After checking with his actual boss, it became clear that the email had not come from him and was a BEC scam. In total, this resulted in financial losses in the mid-four-figure range.

The main attack methods used by threat actors in these increasingly frequent attacks can be divided into four categories:

1. Phishing

Phishing emails are sent to a large number of users at once to "fish" for sensitive information by posing as a reputable source, often with legitimate-looking logos attached. Banks, credit card providers, delivery services, law enforcement agencies and the tax office are just some of the commonly imitated brands. Most recipients are not customers of the impersonated bank or service at all, but by sheer volume the emails still reach a certain percentage of people who are.

2. Spear Phishing

This is a much more targeted form of phishing. The attacker has either researched the target group in advance or harvested data from social media platforms to make the deception convincing. A spear phishing email usually goes to one person or a small group of people who actually use the impersonated service, and it contains some form of personalization, such as the recipient's name or the name of a customer.

3. Executive Whaling

Here the attackers primarily target executives and the administrative staff around them, in order to siphon money from company accounts or steal confidential data. This type of fraud is characterized by personalization and detailed knowledge of the executive and the company.

4. Social Engineering

In a security context, social engineering means the use of psychological manipulation to trick people into revealing confidential information or granting access to funds. Social engineering also includes reconnaissance on social media platforms: LinkedIn, Facebook and other platforms provide a wealth of information about a company's employees, including contact details, connections, friends and co-workers, ongoing business deals and much more.
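The executive impersonation seen in the Leipzig case and the "fake email account" variant described above leave traces in mail headers that a gateway can screen for before a message reaches an employee. The following Python script is an added example, not code from KnowBe4 or from this article; it assumes a corporate domain example.com, a one-entry executive directory and three constructed sample messages, and flags mail whose From display name matches an executive while the sending address, its domain or the Reply-To header do not match the corporate mailbox, adding weight for gift-card and wire-transfer lures.

```python
"""Gateway-side screening for executive impersonation (BEC).
Added example, not KnowBe4's code. The corporate domain, the executive
directory and the three sample messages are constructed for illustration."""
import re
from email import message_from_string
from email.utils import parseaddr
from textwrap import dedent

CORP_DOMAIN = "example.com"                     # assumed corporate mail domain
EXECUTIVES = {"Max Mustermann": "max.mustermann@example.com"}  # assumed directory
# Phrases typical of the CEO-fraud lure: vouchers, changed bank details, urgency,
# and pressure to move the conversation to a phone or messenger channel.
LURE_PATTERNS = [
    r"\bgift\s*cards?\b", r"\bgoogle\s*play\b", r"\bitunes\b", r"\bsteam\b",
    r"\bwire\s*transfer\b", r"\bnew\s+bank\s+(?:account|details)\b",
    r"\bwhatsapp\b|\bmessenger\b", r"\bconfidential\b", r"\burgent(?:ly)?\b",
]


def _norm(name: str) -> str:
    return " ".join(name.split()).casefold()


_EXEC_BY_NAME = {_norm(n): a.lower() for n, a in EXECUTIVES.items()}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one- or two-character domain typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike_domain(domain: str, corp: str = CORP_DOMAIN) -> bool:
    """True for a domain that imitates the corporate one without being it."""
    domain, corp = domain.lower(), corp.lower()
    if domain == corp:
        return False
    label = domain.split(".")[-2] if "." in domain else domain   # registrable label
    corp_label = corp.split(".")[-2] if "." in corp else corp
    return corp_label in label or edit_distance(label, corp_label) <= 2


def _domain(addr: str) -> str:
    return addr.lower().rsplit("@", 1)[1] if "@" in addr else ""


def score_message(raw: str) -> dict:
    """Score one RFC 822 message (plain-text body assumed) for BEC indicators."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr, domain = addr.lower(), _domain(addr)
    reply_domain = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""
    text = msg.get("Subject", "") + "\n" + body

    score, reasons = 0, []
    known = _EXEC_BY_NAME.get(_norm(name))
    if known and addr != known:                  # executive name, foreign mailbox
        score += 3
        reasons.append(f"display name {name!r} is an executive but sender is {addr}")
    if domain and is_lookalike_domain(domain):   # typosquat or decoy domain
        score += 2
        reasons.append(f"sender domain {domain} imitates {CORP_DOMAIN}")
    if reply_domain and reply_domain != domain:  # replies silently diverted
        score += 2
        reasons.append(f"Reply-To diverts replies to {reply_domain}")
    lures = [p for p in LURE_PATTERNS if re.search(p, text, re.IGNORECASE)]
    score += len(lures)
    if lures:
        reasons.append(f"{len(lures)} lure phrase(s) in subject/body")
    return {"score": score, "suspicious": score >= 3, "reasons": reasons}


# Constructed samples: a Leipzig-style gift-card lure, a lookalike-domain
# payment diversion, and a benign internal message from the real executive.
SAMPLES = {
    "ceo_gift_cards": dedent("""\
        From: Max Mustermann <max.mustermann.ceo@gmail.com>
        Subject: Are you at your desk?

        I am in a meeting and cannot take calls. Message me on WhatsApp at the
        number below and get Google Play and iTunes cards for a client.
        This is urgent and confidential.
        """),
    "lookalike_wire": dedent("""\
        From: Max Mustermann <max.mustermann@examp1e.com>
        Reply-To: finance@mailer.example.net
        Subject: Supplier bank details

        Our supplier has new bank details; please send the wire transfer today.
        """),
    "benign_internal": dedent("""\
        From: Max Mustermann <max.mustermann@example.com>
        Subject: Monday agenda

        Attached is the agenda for Monday's board meeting.
        """),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, score_message(raw))
```

The first two samples score 8 and 9 and are flagged; the genuine internal message scores 0. The display-name check is the decisive one: it is exactly the "trusted name on an untrusted mailbox" pattern from the Leipzig case, and it fires even when the lure wording changes. Thresholds and the lure list are assumptions to be tuned against real traffic, and the check belongs at the gateway rather than in the client so that a hurried employee never sees the message unmarked.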

CEO fraud has now caused around $26 billion in damage, according to the FBI. Security incidents traceable to this attack technique are recorded all over the world: between May 2018 and July 2019 the FBI identified a 100 percent increase in global financial losses, and the fraud has been reported from 150 countries, including Germany.
