Business email compromise (BEC) attacks caused $2.7 billion in losses in 2022. These sophisticated attacks target businesses with wire transfer and invoice fraud schemes.
Common BEC Types
| Type | Description |
|---|---|
| CEO Fraud | Attacker impersonates executive requesting urgent wire transfer |
| Invoice Fraud | Fake invoice from "vendor" with attacker's bank details |
| Account Compromise | Real employee email used to request payments |
| Attorney Impersonation | Pretends to be lawyer handling confidential matter |
| Data Theft | HR impersonation requesting W-2 or payroll data |
Red Flags
- Urgency and secrecy ("Don't tell anyone")
- Changes to payment details
- Requests to bypass normal procedures
- Slightly misspelled domain names
- Executive email at unusual hours
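
One way to triage a message for the red flags listed above, as an added example that is not part of the original page. The trusted domain `example.com`, the keyword patterns, the working-hours window and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

TRUSTED_DOMAINS = {"example.com"}  # assumption: the organisation's real domains
PATTERNS = {  # illustrative keyword patterns, not an exhaustive rule set
    "urgency_or_secrecy": r"\b(urgent|immediately|asap|confidential)\b|\bdon'?t tell\b",
    "payment_detail_change": r"\b(new|updated|changed)\s+(bank|account|payment|wire)\b",
    "procedure_bypass": r"\b(skip|bypass|without)\b.{0,40}\b(approval|procedures?|process)\b",
}

# Constructed sample message, not a real email.
SAMPLE = """\
From: "Jane Doe, CEO" <jane.doe@examp1e.com>
To: ap@example.com
Date: Sat, 14 Dec 2024 02:13:00 +0000
Subject: Urgent wire transfer

I need this sent immediately. Don't tell anyone until the deal closes.
Use the new bank details below and skip the usual approval process.
"""

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(raw, work_hours=(7, 19)):
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    flags = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS and any(
            edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        flags.append("lookalike_domain")
    flags += [name for name, rx in PATTERNS.items() if re.search(rx, text, re.I)]
    # Hour is read in the sender's own UTC offset (assumption for this example).
    if msg["Date"]:
        sent = parsedate_to_datetime(msg["Date"])
        if not work_hours[0] <= sent.hour < work_hours[1]:
            flags.append("unusual_hour")
    return flags
```

A message that trips several flags at once is a candidate for the out-of-band verification call described under Prevention Controls, not proof of fraud on its own.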
Prevention Controls
- Verification: Call to verify wire transfer requests
- Dual Authorization: Two people approve large transfers
- Email Security: SPF, DKIM, DMARC
- Training: Regular awareness programs
- MFA: Protect email accounts
If Compromised
- Contact your bank immediately
- File FBI IC3 complaint
- Preserve all evidence
- Engage incident response
December 2024