WHAT IS BUSINESS EMAIL COMPROMISE (BEC)?
A BEC is an email that appears to come from someone senior in your business, and urgently asks you to do something like make a payment or transfer funds. Also known as ‘CEO phishing’, the email address may look like it’s from your managing director, chief executive officer or chief financial officer. Criminals hope the urgent tone and the apparent seniority of the sender will make you act without checking the request is real.
A BEC email could be sent from:
- a simple email address such as ‘firstname.lastname@example.org’
- an email address very similar to a senior business person, for example email@example.com instead of firstname.lastname@example.org
- what appears to be a correct email address, but if you reply the email goes to a different address
- the impersonated sender’s real email address, which happens if a criminal has stolen the email credentials from a previous phishing email, or with malicious software.