In brief: « BEC » attacks and « CEO Frauds »

Date: August 07, 2017

BEC (Business Email Compromise) attacks are attacks in which e-mails are used to convince a victim company to make bank wire-transfers for the benefit of the attackers. This is what is also often called "CEO Fraud".

As far as we know, the FBI has used the term BEC since 2015 (see for example this FBI 2015 report on the emergence of the trend). When attacks target an individual rather than a business, the FBI uses the term EAC (Email Account Compromise) instead. According to the "Internet Crime Report" of the FBI's IC3 (Internet Crime Complaint Center), BECs and EACs ranked first in the 2016 ranking of cyber-crime losses ($360 million lost in 2016).

BECs, or CEO frauds, are not a new phenomenon:

  • Cert-IST first discussed them in 2013 (see the headlines of the May and September 2013 Cert-IST bulletins).
  • The phenomenon has since grown, first by targeting SMEs rather than large companies, and second by changing tactics: requesting SEPA wire-transfer tests (SEPA is a new European standard), providing new (fake) bank details for a legitimate invoice already in progress, etc. We mention BEC as one of the major recurring attack phenomena in our 2016 report on vulnerabilities and attacks (in chapter 2.6).

Despite its name, BEC (Business Email Compromise) attacks do not rely on emails alone. These scams do use emails, but often also:

  • Compromise of the victim's computer, so that the attacker learns the internal organization in place and the financial operations in progress.
  • Telephone calls to the victims to urge them to perform the wire-transfer requested in a previous email.
