Business email compromise scams getting more sophisticated: Report

Share post:

Messaging scams that try to trick employees into performing risky transactions continue to dog organizations.

In a report released today, Trustwave said a category of cons called business email compromise (BEC) scams followed a historical trend by jumping in January and February before settling down.

More importantly, attackers have come up with a new tactic: Instead of sending an email purporting to be from an executive and asking for action — paying a supposed invoice or changing payments to be made to a bank account controlled by the threat actor — the message asks the employee to email a supposed staffer of a company. It’s a way of convincing the victim of the legitimacy of the message.

For example, the first email sent by the supposed executive tells the employee that a representative from a financial company is requesting payment for an unpaid invoice. The employee is told someone from that company will be emailing them. It’s not uncommon for this first message to use the real name of that contact person.

The second email the employee gets is from the supposed contractor/supplier/partner and repeats the request for payment of the overdue invoice. A variation of this scheme has the supposed employer telling the employee to contact the other company (by email, of course).

“To make the scam appear legitimate,” notes Trustwave, “these emails contain specific information such as an invoice number and date of scheduled payment. They are also longer in content and written in a professional manner, unlike traditional BEC emails. The vendor representative names are real employees of the financial institutions that the scammers use in their invoice fraud scheme.”

One clue the message is a scam: It comes from a free email service like Gmail. In the first half of this year, 84 per cent of BEC messages detected by Trustwave came from free webmail addresses.

Related content: Employees still too gullible

BEC uses different bait topics to gain the attention of their victims, the report says. These include

  • payroll diversion, where the target is asked to change the sender’s bank account, payroll, or direct deposit information. Almost half of the BEC scams detected by Trustwave in the first half of this year were in this category;
  • request for contact, where the target is asked to forward their mobile number or personal email address. Then the scammer moves the conversation to mobile or WhatsApp where it is more likely to evade detection;
  • task, where the target is told something has to be done urgently;
  • availability, very short emails asking if the victim is available for a follow-up message;
  • gift purchase, where an employee is asked to buy a gift card or cards for an occasion (a staff member’s birthday or the office Christmas party;
  • wire transfer, where the staffer is told to send money in a wire transfer;
  • and a request for a copy of a corporate document that has sensitive data (for example, the executive needs a list of employees and their Social Security numbers).

Regular employee security awareness training is one way these and similar scams can be blunted.

The post Business email compromise scams getting more sophisticated: Report first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways