Business Email Compromise fraud (BEC)


Business email compromise is a type of fraud that, as the name suggests, occurs when a scammer uses social-engineering techniques to obtain private information about the company, or to get funds out of it. This is a broad category of fraud, which we will get into later in the attack-surface section.

Compromising an email account does not necessarily involve hacking in any technical sense. Scammers who perform this fraud are often sly and very sociable, since they rely on a wide range of tactics that lead the victim to talk himself into an action that compromises him.

Attack surface

Email takeovers are the easiest but rarest way of compromising any user on the internet. They usually happen in one of two ways.

Brute-forcing is trying possible password combinations for a known email address. This method is very unlikely to succeed, but there are online lists of the most common passwords, which scammers might try first.

Data leaks are often large archives posted on hacker forums or the dark web, containing the breached usernames and passwords, most commonly from a single website that was compromised.

Impersonation, on the other hand, requires social engineering and being sly enough to deceive the victim in a short amount of time.

Impersonations are harder to pull off, but more common. The scammer contacts people while presenting himself as someone of a higher rank, for example a bank employee or a manager, and focuses mostly on having the same email signature or an email domain that looks like the real one, for example using “i” rather than “l” in the domain, or “v” in place of “u”. Employees often overlook such small details once they are accustomed to emailing with those people. Impersonations are often used to deceive victims into transferring funds, or into sharing their passwords so that the scammer can “verify” something on their bank account, for example.

Apart from brute-forcing, data leaks and impersonations focus on the social side. Attacks of this type are also known as social engineering.


Luckily you can prevent almost all of these attacks by:

  • Having a strong password, which is not on the popular passwords list.
  • Changing your password frequently, and not using the same password for every online profile.
  • Reading the sender’s email address carefully before replying.
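
As an added example that is not part of the original article, the Python check below automates the last item in the list above against the lookalike-domain trick described in the impersonation section: the sender's domain is compared with a trusted list after confusable characters (“l” for “i”, “v” for “u”, and a few other common swaps) are mapped to one canonical form. The trusted domains and the From: headers are constructed sample values.

```python
from email.utils import parseaddr

# Lookalike substitutions: each key is a form that reads like the value.
# The first two pairs are the ones the article warns about; the rest are
# other common swaps. Multi-character keys are applied first.
CONFUSABLES = {
    "rn": "m",   # two letters that look like one
    "l": "i",    # lowercase L read as i
    "1": "i",
    "|": "i",
    "v": "u",
    "0": "o",
}


def normalise(domain: str) -> str:
    """Map confusable characters so a lookalike domain collides with the real one."""
    d = domain.lower()
    for src, dst in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        d = d.replace(src, dst)
    return d


def classify_sender(from_header: str, trusted_domains: set) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the address in a From: header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"          # no usable address, e.g. a bare display name
    domain = addr.rsplit("@", 1)[1].lower()
    if domain in trusted_domains:
        return "trusted"
    canon = normalise(domain)
    if any(canon == normalise(t) for t in trusted_domains):
        return "lookalike"        # differs only by confusable characters
    return "unknown"


def scan_headers(headers, trusted_domains: set) -> dict:
    """Classify every From: header and return {header: verdict}."""
    return {h: classify_sender(h, trusted_domains) for h in headers}


if __name__ == "__main__":
    # Constructed sample data (hypothetical domains, not real senders).
    trusted = {"example.com", "acme-bank.com"}
    samples = [
        "Alice Manager <alice@example.com>",
        "Alice Manager <alice@exampie.com>",    # l -> i
        "Bank Support <support@acrne-bank.com>",  # rn -> m
        "Unknown <someone@gmail.com>",
    ]
    for header, verdict in scan_headers(samples, trusted).items():
        print(f"{verdict:10} {header}")
```

A message whose sender is classified as "lookalike" is exactly the case the list above tells employees to catch by reading the address before replying.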
