Business Email Compromise (BEC) Response and Investigation
PacketWatch has extensive experience in Business Email Compromise investigations and reporting. We provide full-service BEC investigations and advisory services.
Experiencing a Business Email Compromise?
Get Immediate Assistance
We are available 24/7 for potential and existing clients experiencing a cyber incident.
Call our Incident Response Hotline at 1-800-864-4667 and press 9 for Priority Assistance.
Your Trusted BEC Response Team
Make PacketWatch your first call when you experience a Business Email Compromise (BEC) or phishing attack. Our experienced Digital Forensics and Incident Response (DFIR) experts are on standby, ready to provide immediate assistance and guidance.
How it Works
In our forensic email investigation service, a certified forensic examiner investigates and analyzes a client's email environment and any suspected compromised email accounts or computers.
Our goal is to forensically review all available materials to determine any potential attacker persistence, the extent of unauthorized access, and the initial attack or infection vector, if possible.
Forensic Email Investigation
- Determine any remaining persistence tactics such as forwarding rules, delegation rules, forms, devices, etc.
- Identify any suspicious activity or authentications and, if possible, determine if any data may have been accessed or exfiltrated
- Store any email or computer images in the PacketWatch lab for processing and evidence collection
- Provide recommendations on evicting any discovered bad actors and secure configuration of the email environment going forward
- Provide a timeline of events, including relevant activities for potentially spoofed or compromised email addresses or domain names
- Where log evidence permits, identify and provide the list of IP addresses used by any bad actors to access client emails
- Search for responsive terms and/or indicators of exfiltration
- Make recommendations as necessary to improve a client's security posture more generally
- Ability to liaise with Law Enforcement, Legal Counsel, or Insurance Companies for an additional fee and as directed by a client
In today's threat landscape, businesses face an ever-growing threat of Business Email Compromise (BEC). The median amount stolen from a BEC has increased to $50,000, according to Verizon’s 2023 DBIR report.¹
Understanding BEC and its implications is crucial for safeguarding your organization's sensitive information and financial assets.
What is Business Email Compromise (BEC)?
Business Email Compromise refers to a sophisticated form of cybercrime in which attackers manipulate or impersonate legitimate email accounts to deceive individuals within an organization. By gaining unauthorized access, they aim to trick employees into transferring funds, divulging sensitive information, or taking other detrimental actions.
BEC poses a significant threat to businesses of all sizes and industries due to its effectiveness and potentially devastating consequences.
BEC by Industry
In 2021, the global financial sector reported the highest number of spam and credential phishing attempts. The industry saw over 3.4 million phishing attempts during the last measured period. Healthcare was the second most-targeted industry, with 3.42 million phishing attempts. The education sector ranked third, with 3.2 million phishing attempts in the examined year.
Statistics provided via Statista²
Types of Business Email Compromise Attacks
There are five main types of BEC, according to the FBI.
Account Compromise
In an account compromise, attackers gain unauthorized access to employee or vendor accounts to facilitate fraudulent transactions. Email account compromises can be especially dangerous, as they allow the attacker to use a legitimate company email to facilitate their attacks.
Attorney Impersonation
Exploiting legal contexts, attackers may pose as attorneys to deceive organizations and orchestrate fraudulent activities. Attackers will pose as a lawyer or legal team and manipulate an employee into sending sensitive information or even performing a wire transfer.
CEO Fraud
Impersonating high-ranking executives, attackers request urgent financial transactions or confidential information. Without careful inspection of an email, employees can hastily send sensitive information or financial data to a scammer.
Data Theft
BEC attacks may also focus on stealing sensitive information, such as customer or employee data, intellectual property, or financial records. Attackers use social engineering techniques to trick employees into sharing login credentials or providing access to secure systems. This data can then be used in future advanced attacks or sold on the dark web.
Invoice Fraud
In an invoice fraud attack, the attacker impersonates a legitimate vendor or supplier. They email the targeted organization, usually the accounting department, providing updated payment instructions or requesting payment for fraudulent invoices.
Business Impact of a Business Email Compromise
Financial Losses
A successful BEC attack can result in substantial monetary losses. Generally, wire transfers cannot be reversed. If you file a cancellation notice with your bank before the recipient bank has accepted the transfer, the transfer may be refused, but if your recipient’s bank has already accepted your wire transfer, unfortunately, your options are limited, according to experts at MoneyTransfers.com³.
Data Leakage
In many cases, BECs may result in data theft. This can lead to data leakage, where sensitive data is sent outside the organization. Data can end up accessible to the public, used in malicious ransom campaigns, or sold on the dark web. It is crucial to monitor for data leakage after a BEC.
Reputational Damage
Falling victim to BEC can tarnish a company's reputation and erode customer trust, leading to potential customer and vendor loss.
Legal and Regulatory Consequences
Businesses may face legal liabilities, compliance violations, and regulatory penalties due to compromised data and privacy breaches.
Conclusion
Business Email Compromise poses a significant threat to organizations, with far-reaching financial, reputational, and legal implications. Organizations should implement strong email security measures, educate employees about these threats, and maintain a robust cybersecurity posture to defend against BEC attacks.
Resources
- Verizon’s 2023 Data Breach Investigations Report
- Industry sectors targeted by phishing attempts worldwide 2021 | Statista
- Can A Wire Transfer Be Reversed? | MoneyTransfers.com