We’ve been writing a lot about Business Email Compromise (BEC) attacks lately (six blogs and one research whitepaper since Jan 1st). So, I thought it would be good to provide some historical context.
To set the stage, let’s touch on the basics, starting with what a Business Email Compromise (BEC) attack is. Short and sweet, it’s a type of targeted phishing attack where a threat actor accesses or spoofs a business email account to defraud a business. A more in-depth version can be found on our glossary page on BEC attacks.
Attackers typically follow three steps to launch a Business Email Compromise (BEC) attack:
Email Scams – One of the first email scams everyone is familiar with is the Nigerian Prince scam. This email scam became infamous in the mid-’90s, but the concept of the scam dates back to the late 18th century with The Spanish Prisoner trick. It’s basically an “advance fee” or “419” scam, in which a victim pays money to someone in anticipation of receiving something of greater value, such as cash, an investment, or a gift, and then receives little or nothing in return.
Phishing – The first significant instances of phishing emails targeted AOL users. In the late 1990s, cybercriminals adopted spoofed email addresses and websites to impersonate AOL employees and “lure” users into sharing their account passwords and credit card details. These bad actors exploited the obtained AOL credentials to launch spam and attacks on other AOL users, or they would utilize algorithms to generate random credit card numbers to make fraudulent transactions.
The AOL phishing emails inspired similar schemes pretending to be official PayPal and eBay messages warning of account suspensions, transaction disputes, and random purchases that were unfamiliar to the victims.
The first recorded Business Email Compromise (BEC) attack is difficult to pinpoint as the term "BEC" was not widely used until around 2013. However, email scams targeting businesses and organizations have been around since the early days of email—oftentimes with spear phishing and whale phishing attacks. The FBI started tracking “emerging financial cyber threats” in 2013, calling them business e-mail compromises.
Remember our infamous Nigerian Prince? It turns out that a massive amount of the Business Email Compromise (BEC) attacks the FBI tracked in the following years were attributed to a handful of organized crime groups, including Gold Skyline (Nigeria), Gold Galleon (Nigeria), and Cosmic Lynx (Russia). The success and profitability of these BEC attacks inspired an explosion of attacks from organized and individual cybercriminals around the world.
The nature of BEC attacks, compounded by their highly relevant construction, makes them difficult to differentiate from genuine emails: cybercriminals often incorporate accurate information about their victims, which they have obtained via previous intrusions or scraped from social media and other online sources.
Warnings from the FBI explained, “Often, the emails contain accurate information about victims obtained via a previous intrusion or from data posted on social networking sites, blogs, or other websites. This information adds a veneer of legitimacy to the message, increasing the chances the victims will open the email and respond as directed.”
Cybercriminals are known for being early adopters of emerging technologies, which has led to exponential growth in recorded BEC attacks as well as a remarkable evolution in the quality of their email content. Some of the technologies include:
Business Email Compromise (BEC) attacks are difficult to detect and prevent because they rely on human error rather than technical vulnerabilities. However, there are some best practices that organizations can follow to reduce their risk of falling victim to BEC scams:
93% of enterprises receive advanced BEC attacks that go undetected every year. Defend your enterprise from BEC attacks with the latest research from Osterman. Learn who's most at risk, which variants are used, and new tactics in the latest Osterman Research report, "Defending the Enterprise: The Latest Trends and Tactics in BEC Attacks."