Business email compromise (BEC) is a form of phishing attack where criminals try to trick senior executives into transferring funds or revealing sensitive information.
The attack is carried out through emails that look convincing and that might ask for unusual payments or contain links to suspicious websites.
These attacks are purposely made to appeal to specific audiences, making them harder to detect.
A typical email of this campaign:
• Does not come from a genuine email address, typically using an unfamiliar email address such as <[email protected]>;
• Has a subject that generally starts with [EXTERNAL], given such emails originate outside government;
• Instils a level of urgency, typically indicating that the sender is in a meeting or heading into a meeting and needs your help ASAP;
• May not include the sender's signature, but rather “Sent from my iPad” or “Sent from my Mobile”, in order to make it appear as if the person is mobile and away from their desk;
• Asks you to do them a “favor”;
• Asks you to purchase numerous gift cards with the promise of reimbursement;
• May have typos and grammatical errors;
• Appears to be sincere.
What To Do:
• Always verify the display name and the sender email address;
• Ask yourself, “would this person really ask me to do this?”;
• Call the sender to verify the authenticity of the request;
• Do not reply to the email;
• Do not purchase any gift cards;
• Do not provide any personal information;
• Never divulge passwords.
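The indicators listed above, together with the display name and sender address check, expressed as a triage heuristic that a mail team could run over reported messages. This is an added example, not part of the original campaign material; ORG_DOMAIN, KNOWN_STAFF, the phrase patterns and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organisation's domain and a staff directory.
ORG_DOMAIN = "example.gov"
KNOWN_STAFF = {"jane doe": "jane.doe@example.gov"}
# Phrase patterns constructed from the indicator list; tune them to local mail.
CONTENT_CHECKS = {
    "urgency": re.compile(r"\b(asap|urgent(ly)?|(in|heading into) a meeting)\b", re.I),
    "favor": re.compile(r"\bfavou?r\b", re.I),
    "gift_cards": re.compile(r"\bgift\s*cards?\b", re.I),
    "mobile_signature": re.compile(r"\bsent from my (ipad|mobile)\b", re.I),
}

def bec_indicators(raw_message: str) -> list[str]:
    """Return the names of the BEC indicators present in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    hits = []
    # Display name of a known colleague paired with an address that is not theirs.
    expected = KNOWN_STAFF.get(display.strip().lower())
    if expected and address != expected:
        hits.append("display_name_mismatch")
    if address.rpartition("@")[2] != ORG_DOMAIN:
        hits.append("external_sender")
    subject = msg.get("Subject", "")
    if subject.lstrip().upper().startswith("[EXTERNAL]"):
        hits.append("external_tag")
    # Collect text/plain parts, decoding any transfer encoding.
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
             if p.get_content_type() == "text/plain"]
    text = subject + "\n" + b"\n".join(parts).decode("utf-8", "replace")
    hits += [name for name, rx in CONTENT_CHECKS.items() if rx.search(text)]
    return hits

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: Jane Doe <jane.doe.office@mail.example.net>
Subject: [EXTERNAL] Quick favor

I am heading into a meeting and need your help ASAP. Please purchase five
gift cards for me, I will reimburse you this afternoon.

Sent from my iPad
"""
LEGITIMATE = "From: Jane Doe <jane.doe@example.gov>\nSubject: Agenda for Thursday\n\nAgenda attached.\n"
print(bec_indicators(SUSPICIOUS), bec_indicators(LEGITIMATE))
```

A list of hits is a prompt for the verification call described above, not a verdict: legitimate mail from outside the organisation will also trigger external_sender and external_tag.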
This Cybersecurity Awareness Campaign is co-funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the European Cybersecurity Competence Centre can be held responsible for them.