Business email compromise: what it is and how to fight it.

Cybercriminals continue to successfully hack and spoof emails to impersonate supervisors, CEOs, and suppliers. They request seemingly legitimate business payments, and only later do employees discover they’ve been tricked into wiring money or depositing checks into criminals’ bank accounts. These attacks are known as business email compromise/email account compromise (BEC/EAC), and in 2020 they accounted for losses of over $1.8 billion*. But there’s a proven shield against these threats: vigilant employees who know how to recognize and report phishing attacks.

In our 2021 Annual State of Phishing Report, we found that 6% of reported malicious emails were BEC. While simulating a BEC campaign isn’t ideal, organizations that use Cofense PhishMe are able to condition their users to identify and report a BEC email.

*https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf