How Business Email Compromise (BEC) Scams Target Your Organization
July 29, 2019

The Financial Crimes Enforcement Network, a bureau of the US Department of the Treasury, recently found that Business Email Compromise (BEC) scams cost organizations over $300 million each month in 2018. BEC scams are highly researched, sophisticated phishing attacks. They often target specific employees, and their goal is to steal finances or important data.

Any organization can be a target for a BEC attack. Recently, the City of Griffin, Georgia fell victim to a BEC attack after receiving an email from what looked to be a vendor asking for an account change. They ended up transferring over $800,000 to a fraudulent account.

Source: Statista

How BEC Scams Affect Everyone in Your Organization

Finance Department  

Hackers will target your finance department with fake invoices that appear to be from a business partner or with requests to change the bank account details for direct deposits. These attacks often go undetected until the legitimate business partner requests their payment. These kinds of attacks are very specific, as they require prior knowledge of an organization’s business partners, vendors and suppliers and the type of partnership involved. In the case of the City of Griffin attack mentioned earlier, attackers even knew the specific amounts required for invoices.

CEOs or Executives

Hackers often impersonate CEOs or executives to engage in CEO fraud. They will often email employees and request wire transfers to fraudulent accounts. These emails often sound urgent and are sent near the end of the day to pressure employees into responding quickly.

Human Resources (HR) Department

Data theft is a type of BEC attack that seeks to gain access to personally identifiable information. Since HR deals with sensitive information, it will often be the target of this kind of attack. If a hacker has access to the HR account, they will also have access to information on all employees, including executives. They can also use the compromised account to directly request information from employees. Personally identifiable information is valuable to a hacker because they can use it as a starting point to further compromise an organization.

Legal Representation

This BEC scam involves impersonation of a lawyer or legal firm that supposedly represents the company or a business partner. Attackers claim to be handling sensitive information regarding the organization and will request company bank statements or other confidential documents. These documents provide hackers with information about the financial workings of the organization, which they can use for further attacks. Attackers behind this scam will tell employees to be discreet to avoid leaks or to fulfill sensitive business requirements.  

Employee Accounts

Account compromise can happen to any of your employees. This occurs when hackers gain unauthorized access to an employee’s account through a phishing scam or a password spray attack. Once hackers manage to compromise an account, they can move around an organization’s network undetected. As a result, they can compromise an organization further by sending malware to coworkers, clients and business partners.

Protect Against BEC Scams

The best way to protect against BEC attacks is to have a strong cybersecurity culture in your organization. This includes educating staff on cyber threats and encouraging them to speak up if they receive a suspicious-looking email in their inbox. Protecting email inboxes with an advanced email security solution like Secure IT Mail will also help block malicious emails.
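The CEO fraud traits described above (an executive's name on the message, urgent payment language, late-day timing) can be checked mechanically when triaging a reported email. The following is an added example, not part of the original article or of any product it mentions; the executive name, domains, keyword list and hour threshold are assumptions, and the Reply-To check is a common additional signal the article does not discuss.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumed values for illustration only; replace with your own directory data.
EXECUTIVES = {"jane doe"}
ORG_DOMAIN = "example.com"
PRESSURE_WORDS = ("urgent", "wire transfer", "immediately", "today", "confidential")
LATE_HOUR = 16  # 4 pm in the time zone stated in the Date header

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw_message):
    """Return the CEO-fraud indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    hits = []
    name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    # Executive display name paired with an address outside the organization.
    if name.strip().lower() in EXECUTIVES and from_domain != ORG_DOMAIN:
        hits.append("exec-name-external-address")
    # Replies routed to a different domain than the visible sender.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        hits.append("reply-to-mismatch")
    # Pressure or payment language in the subject or plain-text body.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(word in text for word in PRESSURE_WORDS):
        hits.append("pressure-language")
    # Sent near the end of the working day.
    try:
        if parsedate_to_datetime(msg["Date"]).hour >= LATE_HOUR:
            hits.append("late-in-day")
    except (TypeError, ValueError):
        pass  # missing or malformed Date header gives no timing signal
    return hits

# Constructed sample message (not a real email).
SAMPLE = """From: Jane Doe <jane.doe@exec-mail.example.net>
Reply-To: jd.office@mailbox.example.org
Subject: Urgent wire transfer
Date: Fri, 26 Jul 2019 16:45:00 -0400

Please process this payment immediately and keep it confidential.
"""
if __name__ == "__main__":
    print(bec_indicators(SAMPLE))
```

No single indicator proves fraud; a message that trips several is a candidate for out-of-band verification with the named executive before any payment is made.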
