What is Business Email Compromise?

Business Email Compromise (BEC) is a type of phishing attack that targets businesses in an attempt to defraud the company. The criminals behind business email compromise scams attempt to create convincing-looking emails which may ask for unusual payments, or which contain links and attachments that disguise harmful viruses activated when downloaded or opened. Unlike standard phishing emails sent out to hundreds of recipients, BEC attacks are designed to appeal to specific, targeted individuals, usually senior executives. Business email compromise is a threat to businesses of all sizes and sectors. While financial fraud is still a primary goal, threat actors are evolving BEC attacks to gain greater access to company networks and proprietary data, including SharePoint, OneDrive and network environments where they can exfiltrate and encrypt data.

Common BEC Attacks

BEC attacks typically start with a phishing email that contains a malicious attachment or layered redirect links to credential-harvesting websites. However, threat actors have evolved their tactics to include the following:

  • Multi-factor authentication (MFA) prompt bombing or MFA fatigue
  • Exploitation of software vulnerabilities including those in Microsoft Exchange servers
  • Exploitation of access gained in a ransomware attack to compromise email accounts
  • Exfiltrating and deleting cloud data, then demanding a ransom in exchange for not releasing the stolen information
  • Phishing via voicemail (vishing) and text message (smishing)
  • Adversary-in-the-middle (AiTM) phishing campaigns where threat actors steal passwords and hijack active user sessions
  • Leveraging passwords exposed in a third-party breach

CYFOR Secure are experts in each step of the BEC investigative process and deliver timely and defensible answers for the challenges that a business may face, from misdirected payments to the compromise of sensitive data or unauthorized access to the greater network environment. CYFOR Secure offers several solutions to protect your organisation from falling victim to a business email compromise attack.

Fixed Fee BEC Solution

Our fixed fee BEC solution is an automated tool that caters for more restrictive budgets and provides a simplified report of the investigative findings. The solution provides the answers to key questions and helps determine the extent to which the systems have been compromised.

Comprehensive BEC Investigations

Our digital forensic investigators and cyber security analysts perform a full tenant review, including a comprehensive log analysis that identifies suspicious activity related to previously identified indicators of compromise (IOCs). This also includes identification of foreign logins or access to mailboxes within an email environment, an enterprise mail rule review and a detailed forensic report.

BEC Packages

Fixed Fee BEC

Affected Office 365 Accounts

  • Suspicious behaviour analysis
  • Unauthorised access evidence
  • Unauthorised access duration
  • Access method
  • Search results export

Office 365 Enterprise

  • Mailbox rules review
  • Full tenant review for IOCs

Comprehensive BEC

Optional add-on services ∗

  • Mailbox activity evidence ∗
  • All accounts log analysis ∗
  • Threat vector identification ∗
  • Threat email identification ∗
  • Email Preservation ∗
  • Narrative report format ∗
  • Customised pricing structure ∗

Proactive Business Email Compromise Monitoring and Prevention

Applying proactive cyber security measures is always the best way to protect your organisation. To best prepare your organisation against a Business Email Compromise attack, CYFOR Secure’s experts can perform a variety of mitigation services:

  • Cloud security and email assessments to help reinforce mailboxes
  • Assist with cloud system configuration and monitoring
  • Conduct simulated phishing attacks to help educate your staff
  • Ingest mail logs and survey for malicious activity
  • Apply managed detection and response (MDR) monitoring to flag suspicious behaviour

BEC Response Retainer

BEC is often an indication of a deeper compromise to company systems and may require extensive incident response and data breach notification support. CYFOR Secure’s clients can combine fixed-fee BEC solutions or a more comprehensive BEC package with our Cyber Incident Response Retainer. This provides access to cyber investigators and flexibility to allocate incident response resources as well as all other cybersecurity solutions offered by CYFOR Secure.

Business Email Compromise Experts

As part of the wider CYFOR Group, CYFOR Secure are expertly placed to assist your organisation through every step of a BEC investigation. Our investigators possess industry-leading expertise across digital forensics, cyber security and litigation support. With Relativity-certified professionals, we can perform managed mailbox reviews quickly and efficiently across many email systems, including but not limited to Microsoft Azure, Microsoft 365, and Exchange. In addition to this, we work closely with cyber insurance companies and law firms to ensure investigations are protected and are executed at the highest level.