Business E-mail Compromise
A new email-based attack campaign is targeting key employees from companies in the U.S., Middle East and Asia with the goal of compromising their computers and email accounts. What is BEC? Business Email Compromise (BEC) as a sophisticated scam targeting businesses working with foreign suppliers and businesses that regularly perform wire transfer payments. Formerly known as Man-in-the-Email scams, these schemes compromise official business email accounts to conduct unauthorized fund transfers. BEC involves attackers hijacking the email accounts of business executives or accounting employees who typically authorize financial transactions inside organizations. Their hijacked email accounts can then be used to trick other employees, suppliers or business partners to initiate fraudulent payments to accounts controlled by the attackers. Security researchers from antivirus firm Trend Micro recently detected an attack against companies from 18 countries where key employee