Who Is the True Target of Business Email Compromise (BEC)?
Cybercriminal Image 2

Who Is the True Target of Business Email Compromise (BEC)?

What is BEC?

In a Business Email Compromise (BEC) attack, cybercriminals impersonate business professionals to trick victims into sharing information about their organization. This attack is an advanced form of spear-phishing: a phishing attack that targets a specific individual or department within an organization. In a BEC attack, cybercriminals impersonate a business partner, supplier, or prospect. The cybercriminals’ end goal is to transfer funds from an organization to themselves. A successful BEC attack can result in a huge loss for the organization involved. 

Who Is the Target of a BEC Attack?

Originally, the primary targets for BEC attacks were employees in high-level and financial roles. As a result, many organizations began to take extra security measures to protect these employees. However, as technology and cybersecurity change, so do the cybercriminals’ tactics. Now, BEC attacks target employees of all types and levels. For example, cybercriminals have recently started to target employees in sales roles. Sales representatives are popular new targets because of their connection with financial departments for payment processing. 

Even employees with no ties to financial departments can be targeted. Any relationship a cybercriminal creates within an organization can help them gain access to vital information. For example, administrative assistants often have access to high-level employees’ business calendars. If a cybercriminal targets an overly trusting assistant, the cybercriminal could win themselves a meeting with an executive.

Remember These Tips to Stay Safe:

  • Be suspicious of any emails sent from people you do not know, even people who appear to represent a legitimate organization.
  • Before sharing any information about your organization or coworkers over email, be sure to verify the sender’s identity. You could ask for proof of who they are, where they work, or contact them by phone or video call.

Always follow your organization’s protocol for reporting suspicious emails. Following cybersecurity protocols will help keep everyone’s information safe, no matter who the original target was. 



Knowbe4 Logo

Stop, Look, and Think. Don’t be fooled.

Like this article?

Share on Facebook
Share on Twitter
Share on Linkdin
Share on Pinterest

More Posts

Zero Trust Image 2
Cybersecurity

Understanding the Basics of Zero Trust

Why It’s Essential for Modern Cybersecurity In today’s digitally-driven world, the traditional perimeter-based security model is no longer sufficient. With the rise of remote work,

July 23, 2024
Cloud Security Services Image
Cybersecurity

The Five Biggest Cloud Security Threats

(And how to deal with them) Cloud computing has transformed business operations by enabling remote storage of data and applications, boosting agility and efficiency. However,

July 22, 2024
5 Signs Social Engineering
Cybersecurity

5 Signs of Social Engineering

Legitimate emails can exhibit these traits, but messages with three or more of them are at a higher risk of being part of a social

July 21, 2024
Digital Toad Image
Cybersecurity

TOAD Attack

What is a TOAD Attack? A TOAD attack, which stands for Telephone-Oriented Attack Delivery, is a relatively new type of phishing attack that combines voice

July 18, 2024
View All Posts

SuperPod with WiFi 6E

Plume SuperPod WiFi 6E Specs

SuperPod with WiFi 6

Plume SuperPod WiFi 6 Specs

SuperPod

Plume SuperPod Secs