Evan Clark, Jun 29, 2020, 9:29:57 AM, 1 min read

The 10 Stages of Business Email Compromise [infographic]

In a business email compromise (BEC) attack, an attacker takes control of someone's email account, either by purchasing the login credentials on the dark web, cracking the password, or phishing for the information. The attacker then uses this account to send emails to individuals on the account's contact list. These emails might contain links that spread malware when clicked; other times they contain requests for payment. This is particularly concerning because users are highly likely to click a link or trust a request that they believe was sent to them by a friend or coworker.

Business email compromise is a social engineering tactic that is frequently deployed because of its high success rate.

Learn the signs and don't fall victim to this popular social engineering tactic. While BEC attacks can play out in many different ways, here's how a typical BEC attack unfolds: 
Infographic: Ten Stages of a Business Email Compromise Attack
Step 1 - Research. Criminals start hunting for an exploitable weakness or opportunity.
Step 2 - Identify a target. Based on their research, criminals decide what angle they're going to try to exploit, and which organization they are going to target.
Step 3 - Build a persona. Through web search, criminals can identify board members in the target organization.
Step 4 - Identify a victim. Next, they look for an individual at the target organization who the criminals want to trick.
Step 5 - Spoof the email address. The attack starts with an email that appears to come from a senior leader. The crooks first spear phish the executive to get their credentials, then log in as them to send their email.
Step 6 - Personalize the email. The criminals put all their research and persona-building work to good use, crafting an email that appears to come from the senior leader. They add personalization (Dear Dave), reference specific events (recent press releases), and request a money transfer.

If an attacker compromises a CEO's email account, they will often send emails to the finance department directing them to make an urgent money transfer to a specific bank account. These attacks often succeed by instilling a sense of urgency in the recipient so that they don't think twice about what they're doing.
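The pattern described above (a message that appears to come from an executive, a hidden reply path, and an urgent payment request) can be triaged with a few header and body heuristics. The following is an added example, not code from the original post or from Twinstate; the organization domain, executive names and both sample messages are constructed.

```python
# Added example: heuristic BEC triage of one inbound message (constructed data).
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                         # constructed: the protected org
EXECUTIVES = {"pat ceo", "dana cfo"}               # constructed display names, lowercased
URGENCY = ("urgent", "immediately", "today", "asap", "confidential")
PAYMENT = ("wire", "transfer", "bank account", "payment", "invoice")


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def bec_signals(raw: str) -> list[str]:
    """Return the BEC indicators present in one RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = (msg.get_body(preferencelist=("plain",)) or msg).get_content().lower()
    signals = []
    # A known executive's display name on a sender address outside the org.
    if name.strip().lower() in EXECUTIVES and _domain(addr) != ORG_DOMAIN:
        signals.append("exec-display-name-external-sender")
    # Replies silently redirected to a domain other than the visible sender's.
    if reply_to and _domain(reply_to) != _domain(addr):
        signals.append("reply-to-domain-mismatch")
    # The urgency-plus-payment combination the post describes (CEO -> finance).
    if any(w in body for w in URGENCY) and any(w in body for w in PAYMENT):
        signals.append("urgent-payment-request")
    return signals


# Constructed sample: lookalike domain, hidden Reply-To, urgent wire request.
SUSPICIOUS = """From: Pat CEO <pat.ceo@examp1e.com>
Reply-To: Pat CEO <ceo.office@mail-relay.invalid>
To: finance@example.com
Content-Type: text/plain

Dave, I need an urgent wire transfer to the account below today, keep it confidential.
"""

# Constructed sample: routine internal mail with no indicators.
BENIGN = """From: Dana CFO <dana.cfo@example.com>
To: finance@example.com

Lunch is on Thursday, let me know if you can make it.
"""

if __name__ == "__main__":
    print(bec_signals(SUSPICIOUS))  # all three indicators
    print(bec_signals(BENIGN))      # []
```

Heuristics like these are a triage aid for the spoofing case; when the attacker has logged in to the real account, only the Reply-To and urgency signals remain, which is why the post also stresses user awareness training.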

Put a stop to this fraud with email security and impersonation protection as well as user awareness training. Book a virtual meeting with one of our technology experts to learn how we can protect your organization.