Business E-mail Compromise (BEC) and E-mail Account Compromise (EAC)

Business Email Compromise (BEC) is a scam targeting companies that make transfers or have suppliers abroad. Unlike ordinary phishing attacks, the accounts of high-level employees involved in finance or wire transfers are compromised or spoofed in order to make fraudulent transfers, resulting in losses of hundreds of thousands of dollars.

Ensar Seker, published in Lotus Fruit, Aug 18, 2020

Business E-Mail Compromise (BEC) is an attack in which an attacker gains access to a business e-mail account and imitates the identity of the owner in order to defraud the company, its employees, customers, and partners. In the case of E-mail Account Compromise (EAC), the fraudster works to compromise the email accounts and maintain persistence. The attacker creates a fake e-mail address based on the personal data of the user (e.g. name, address, telephone number, etc.).

BEC, sometimes referred to as a man-in-the-mail attack, is a special form of phishing attack that aims to trick a person into diverting payments to a fake bank account. These attempts can go undetected by email security services because they do not contain malware. Email accounts can be compromised by phishing attempts or social…
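Because these messages carry no malware, detection has to rely on the headers. The following is an added example, not code from the original article: a header check for the fake-address pattern described above. The domain `corp.example`, the protected names, the flag names and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not from the article): the organisation's
# own domain and the names attackers are most likely to imitate.
CORP_DOMAIN = "corp.example"
PROTECTED_NAMES = {"jane doe", "john smith"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(raw_message):
    """Return header-based warning flags for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if domain != CORP_DOMAIN:
        # A protected person's name on an address outside the organisation.
        if name.strip().lower() in PROTECTED_NAMES:
            flags.append("display-name-impersonation")
        # A sender domain one or two edits away from the real one.
        if 0 < edit_distance(domain, CORP_DOMAIN) <= 2:
            flags.append("lookalike-domain")
    # Replies silently routed to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        flags.append("reply-to-domain-mismatch")
    return flags

# Constructed sample messages (not real traffic).
SAMPLE_SPOOF = ("From: Jane Doe <jane.doe@c0rp.example>\n"
                "Reply-To: jane.doe@mailbox.test\n"
                "Subject: Updated bank details for today's transfer\n\n"
                "Please use the new account for the supplier payment.\n")
SAMPLE_LEGIT = ("From: Jane Doe <jane.doe@corp.example>\n"
                "Subject: Q3 invoice schedule\n\nSee attached schedule.\n")

if __name__ == "__main__":
    for sample in (SAMPLE_SPOOF, SAMPLE_LEGIT):
        print(bec_flags(sample))
```

A message sent from a genuinely compromised mailbox (the EAC case) has legitimate headers and passes all three checks, so header inspection needs to be paired with out-of-band verification of payment changes.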
