Business Email Compromise (BEC), or in some regions referred to as CEO fraud, is a simple email that is asking for an action. No link to click. No attachment to open. Just a simple request – can you respond. We typically refer to these as conversational. The threat actor is reaching out with a simple inquiry hoping you’ll respond. By keeping the initial message vague, this tactic allows the message to land in the inbox of your users.
We’ve seen the lure of BEC evolve over the years. It was only a few years ago that these emails were asking for someone to wire money, which would lead to the threat actor sending over wiring instructions with routing and account numbers. It wasn’t long before financial institutions were hot on their trail to flag these accounts. So, as threat actors do, they changed up their tactics. Now, they ask for gift cards or request HR or payroll teams to change the account numbers for a direct deposit setting for an employee. ...read more!
