Business email compromise scams getting more sophisticated: Report

Share post:

Messaging scams that try to trick employees into performing risky transactions continue to dog organizations.

In a report released today, Trustwave said a category of cons called business email compromise (BEC) scams followed a historical trend by jumping in January and February before settling down.

More importantly, attackers have come up with a new tactic: Instead of sending an email purporting to be from an executive and asking for action — paying a supposed invoice or changing payments to be made to a bank account controlled by the threat actor — the message asks the employee to email a supposed staffer of a company. It’s a way of convincing the victim of the legitimacy of the message.

For example, the first email sent by the supposed executive tells the employee that a representative from a financial company is requesting payment for an unpaid invoice. The employee is told someone from that company will be emailing them. It’s not uncommon for this first message to use the real name of that contact person.

The second email the employee gets is from the supposed contractor/supplier/partner and repeats the request for payment of the overdue invoice. A variation of this scheme has the supposed employer telling the employee to contact the other company (by email, of course).

“To make the scam appear legitimate,” notes Trustwave, “these emails contain specific information such as an invoice number and date of scheduled payment. They are also longer in content and written in a professional manner, unlike traditional BEC emails. The vendor representative names are real employees of the financial institutions that the scammers use in their invoice fraud scheme.”

One clue the message is a scam: It comes from a free email service like Gmail. In the first half of this year, 84 per cent of BEC messages detected by Trustwave came from free webmail addresses.

Related content: Employees still too gullible

BEC uses different bait topics to gain the attention of their victims, the report says. These include

  • payroll diversion, where the target is asked to change the sender’s bank account, payroll, or direct deposit information. Almost half of the BEC scams detected by Trustwave in the first half of this year were in this category;
  • request for contact, where the target is asked to forward their mobile number or personal email address. Then the scammer moves the conversation to mobile or WhatsApp where it is more likely to evade detection;
  • task, where the target is told something has to be done urgently;
  • availability, very short emails asking if the victim is available for a follow-up message;
  • gift purchase, where an employee is asked to buy a gift card or cards for an occasion (a staff member’s birthday or the office Christmas party;
  • wire transfer, where the staffer is told to send money in a wire transfer;
  • and a request for a copy of a corporate document that has sensitive data (for example, the executive needs a list of employees and their Social Security numbers).

Regular employee security awareness training is one way these and similar scams can be blunted.

The post Business email compromise scams getting more sophisticated: Report first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for the week ending Friday, Sept. 29, 2023

This episode features discussion on October Security Awareness Month, ransomware, teenage hackers and the start of hearings into proposed Canadian privacy a

Admins urged to quickly patch holes in WS_FTP file transfer server

This is the fourth file transfer application -- and the second from Progress Software -- to recently face critical vulne

Cyber Security Today, Sept. 29, 2023 – Protect your routers from this attacker, new open-source malware packages found, and more

This episode reports on a China-based group that specializes in hacking branch office routers of major

Champagne squeezed to produce proposed amendments on privacy, AI bills

Opposition gives government five business days to produce proposed

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways