Business Email Compromise (BEC) is an advanced evolution of traditional email phishing. Instead of generic mass mailings, this fraud is characterized by being more specific and targeted. Attackers use impersonated or compromised corporate accounts to send emails that appear legitimate to mislead employees, usually for financial gain.
Often, attackers present themselves as a superior requesting urgent action. The request is usually framed as confidential, with instructions not to discuss it with anyone else in the organization, and the urgency is used to justify skipping the usual verification procedures.
How is a BEC attack carried out?
Obtaining a sending account: This can be accomplished either by stealing the credentials of a real account (account takeover) or by registering a lookalike domain that differs from the legitimate one only in characters that are hard to distinguish by eye.
For example:
user@domain.com
user@dornain.com
The “m” in “domain” is replaced by the letters “rn”, which may go unnoticed to the naked eye. Note that because the lookalike domain is registered and controlled by the attacker, mail sent from it can pass SPF, DKIM and DMARC checks for that domain; sender authentication alone does not catch this case, the domain itself has to be compared against the legitimate one.
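The comparison described above, and the later advice to review the address for slight modifications in the domain, can be automated at the mail gateway or in a triage script. The following is an added example, not code from the original page: it extracts the sender domain from a From: header, collapses visually confusable character sequences (“rn” for “m”, “0” for “o”, and so on) and also flags domains within a couple of edits of a trusted one. The allowlist TRUSTED_DOMAINS, the confusable table and the sample headers are constructed for the example.

```python
"""Lookalike-domain check for sender addresses (added example)."""
from email.utils import parseaddr

# Hypothetical allowlist: domains the organisation really exchanges mail with.
TRUSTED_DOMAINS = {"domain.com", "supplier-example.com"}

# Character sequences that render nearly identically in many fonts.
# Each entry maps a confusable sequence to the text it imitates.
# Applied in this order, so multi-character entries come first.
CONFUSABLES = {
    "rn": "m",
    "vv": "w",
    "cl": "d",
    "0": "o",
    "1": "l",
    "|": "l",
}


def normalize(domain: str) -> str:
    """Collapse confusables so 'dornain.com' and 'domain.com' compare equal."""
    d = domain.lower().strip()
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Domain part of a From: header such as 'CEO <user@dornain.com>'."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        raise ValueError(f"no address in From header: {from_header!r}")
    return addr.rsplit("@", 1)[1].lower()


def check_sender(from_header: str):
    """Return (verdict, detail); verdict is 'trusted', 'lookalike' or 'unknown'."""
    domain = sender_domain(from_header)
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    norm = normalize(domain)
    for trusted in TRUSTED_DOMAINS:
        if norm == normalize(trusted):
            return "lookalike", f"{domain} imitates {trusted} (confusable characters)"
        if edit_distance(domain, trusted) <= 2:
            return "lookalike", f"{domain} is within 2 edits of {trusted}"
    return "unknown", domain


if __name__ == "__main__":
    # Constructed sample headers, including the rn/m swap from the article.
    samples = [
        "Boss <user@domain.com>",
        "Boss <user@dornain.com>",
        "Accounts <billing@d0main.com>",
        "Accounts <billing@domain.co>",
        "Someone <x@example.org>",
    ]
    for header in samples:
        verdict, detail = check_sender(header)
        print(f"{verdict:9} {detail}")
```

A hit on the lookalike branch is exactly the situation where the alternative-channel check later in the article applies: the address is almost, but not quite, the one on file, so the request must be confirmed by phone before any data or money changes hands. The confusable table is deliberately short; in production it should be extended with Unicode homoglyphs and internationalised (punycode) domains, which this example does not handle.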
Contact via the spoofed account: Cybercriminals send emails pretending to be an authority figure within the company, requesting confidential information or changes to sensitive data, such as bank accounts. To make the request more credible, attackers sometimes make prior requests (such as asking for documentation) before requesting more compromising actions, such as fund transfers. It is important to note that this initial information can be used for later frauds.
Possible use of malware: Although BEC attacks do not usually require malicious software, in some cases the emails include links or attachments carrying malware that gives the attacker persistent, unnoticed access to corporate systems.
Most common types of BEC attacks
CEO fraud: The attacker impersonates a senior executive (CEO, CFO, etc.) and requests an urgent transfer to an account controlled by the cybercriminals or requests sensitive information.
Supplier fraud: The attacker pretends to be a trusted supplier and asks to modify the bank details where payments are to be made, thus diverting funds to fraudulent accounts.
HR fraud: Attackers impersonate an employee and ask Human Resources to change the account number where payroll is deposited, redirecting the salary to an account controlled by the criminals.
How to protect yourself?
BEC does not attack technical systems directly; it relies on psychological manipulation to make the people involved act hastily. Therefore, before acting on any unusual or urgent request, it is advisable to:
Verify the authenticity of the sender through an alternative channel, such as a direct phone call.
Carefully review the e-mail address, looking for slight modifications in the domain.
Implement clear policies for handling transfers and changes to sensitive data (bank details, payroll accounts), including independent approval by a second person before the change takes effect.
Raise employee awareness through regular training on how to identify this type of fraud.
Maintaining a preventive attitude and clear internal communication is key to minimizing risks.