Business email compromise definition
Business email compromise (BEC) refers to targeted, email-based cyberattacks that seek to trick victims into exposing company information or systems access, handing over money, or performing other acts that negatively impact the business. Better researched and crafted than standard, random phishing emails, BEC attacks often have specific targets; personalized, grammatically correct wording; and seemingly genuine but often time-critical instructions that enhance believability for recipients.
“Despite recent headlines being dominated by ransomware, it’s important not to forget about the security threat still posed by BEC attacks,” Jed Kafetz, head of pen testing at Redscan, tells CSO. “They remain a highly popular vector used by cybercriminals and are increasingly challenging to detect.”
Business email compromise statistics
According to the FBI’s 2020 Internet Crime Report, 19,369 BEC complaints were made in 2020, resulting in losses of $1.8 billion. Though this represented a 19% decrease in BEC victims compared to the previous year, the total amount lost increased 5% year-over-year and the average loss per victim increased 29% year-over-year.