Business email compromise scams getting more sophisticated: Report

Messaging scams that try to trick employees into performing risky transactions continue to dog organizations.

In a report released today, Trustwave said a category of cons called business email compromise (BEC) scams followed a historical trend by jumping in January and February before settling down.

More importantly, attackers have come up with a new tactic: Instead of sending an email purporting to be from an executive and asking for action — paying a supposed invoice or changing payments to be made to a bank account controlled by the threat actor — the message asks the employee to email a supposed staffer of a company. It’s a way of convincing the victim of the legitimacy of the message.

For example, the first email sent by the supposed executive tells the employee that a representative from a financial company is requesting payment for an unpaid invoice. The employee is told someone from that company will be emailing them. It’s not uncommon for this first message to use the real name of that contact person.

The second email the employee gets is from the supposed contractor/supplier/partner and repeats the request for payment of the overdue invoice. A variation of this scheme has the supposed employer telling the employee to contact the other company (by email, of course).

“To make the scam appear legitimate,” notes Trustwave, “these emails contain specific information such as an invoice number and date of scheduled payment. They are also longer in content and written in a professional manner, unlike traditional BEC emails. The vendor representative names are real employees of the financial institutions that the scammers use in their invoice fraud scheme.”

One clue the message is a scam: It comes from a free email service like Gmail. In the first half of this year, 84 per cent of BEC messages detected by Trustwave came from free webmail addresses.

Related content: Employees still too gullible

BEC uses different bait topics to gain the attention of their victims, the report says. These include

  • payroll diversion, where the target is asked to change the sender’s bank account, payroll, or direct deposit information. Almost half of the BEC scams detected by Trustwave in the first half of this year were in this category;
  • request for contact, where the target is asked to forward their mobile number or personal email address. Then the scammer moves the conversation to mobile or WhatsApp where it is more likely to evade detection;
  • task, where the target is told something has to be done urgently;
  • availability, very short emails asking if the victim is available for a follow-up message;
  • gift purchase, where an employee is asked to buy a gift card or cards for an occasion (a staff member’s birthday or the office Christmas party;
  • wire transfer, where the staffer is told to send money in a wire transfer;
  • and a request for a copy of a corporate document that has sensitive data (for example, the executive needs a list of employees and their Social Security numbers).

Regular employee security awareness training is one way these and similar scams can be blunted.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.