Business Email Compromise (BEC)

What is Business Email Compromise? 

According to the FBI’s Internet Crime Complaint Center, business email  compromises accounted for 40% of total cybercrime losses in 2019.

Business Email Compromise (BEC) is an attack  that involves a bad actor sending an email that  appears to be legitimate in order to fraudulently request funds. These attacks, or scams, may be  

accomplished through a variety of vectors including:  spoofing an email address so that it appears to be  legitimate; sendıng spear phishing emails to trick  employees into revealing confidential information or  account credentials; or using malware to gain access  to a corporate email environment. The bad actor  then builds a target profile that includes: financial  data; sample emails for content and formatting;  point of contact information; and other information  that will allow them to send a convincing fraudulent  email.  

Once a bad actor gains enough information to send  a fraudulent email, the next phase of the attack  begins. The actor sends carefully crafted emails that  appear to be from the compromised email accounts  to identified targets and requests fund transfers  such as a wire transfer to payment to a new bank  account routing number.

The Arete Process 

When a BEC occurs, Arete immediately begins  collection of logs and artifacts. Once the relevant  evidence has been collected and preserved, analysis  begins, using Aretes Forensically sound  

methodology to determine the who, what, where,  when, and how of the attack. Arete will produce a  report of preliminary findings to the client within  24-72 hours. 

If notification list creation is necessary, Arete’s in ternal eDiscovery team can apply robotic process  automation and artificial intelligence to data sets.  Arete’s process zeroes in on the affected documents,  producing findings to meet legal and regulatory  requirements, at a fixed fee per document.

The Arete Advantage 

    • Arete’s team of experts, with years of experience in the military, government and the private sec tor, handle hundreds of BEC cases every year.
    • Arete can liaise with law enforcement, as Arete superheroes regularly work side-by-side with law enforcement on a variety of matters
    • Arete has the knowledge and expertise to assist with the securing and hardening of the client’s infrastructure to help protect the client against future

Request Information

Concerned you may be experiencing a BEC attack? Contact our experts today for a consultation.