Business email compromise (BEC) is a type of email scam where cybercriminals scam organizations through social engineering techniques. BEC is also referred to as email account compromise (EAC) or ‘man-in-the-email’ scamming.
How Does Business Email Compromise Work?
Cybercriminals usually carry out BEC scams by directly hacking an employee's email account, e.g. with a keylogger, or by undertaking a social engineering scheme, like spear phishing, to pose as an employee.
The cybercriminal impersonates the legitimate business email account holder in their email correspondence to lure unsuspecting employees into compromising sensitive data.
How Do You Prevent Business Email Compromise?
There are a number of techniques organizations can use to help prevent BEC, such as: