Business email compromise


Business email compromise attacks are a form of cybercrime that uses email fraud to attack commercial, government and non-profit organizations to achieve a specific outcome that negatively impacts the target organization. Examples include invoice scams and spear-phishing spoof attacks that are designed to gather data for other criminal activities. Consumer privacy breaches often occur as a result of a business email compromise attack.
Typically, an attack targets specific employee roles within an organization by sending a spoof email that fraudulently represents a senior colleague or a trusted customer. The email will issue instructions, such as approving payments or releasing client data. The emails often use social engineering to trick the victim into making money transfers to the bank account of the fraudster.
The worldwide financial impact is large, with the US Federal Bureau of Investigation in 2017 reporting losses "...now totaling over $3 billion."
From 2016 to 2018, business email compromise attacks made over $5 billion. By 2020 there are expected to be 20 billion connected Internet of Things devices, making it easier for adversaries to successfully carry out ransomware attacks, including business email compromise.

Incidents