Overview
A business email compromise (BEC) occurs when an attacker gains access to any school user's email account in order to:
- trick someone into transferring money
- steal valuable (or sensitive) data
Any account can be targeted, including those used to access and manage financial, personal or other sensitive information.
The attacker’s motive may be to:
- impersonate a member of staff to take control of financial processes and redirect funds
- gain access to personal, private data
- further compromise user accounts to carry out additional attacks
Phishing versus BEC
Phishing emails usually target a large group of users.
BEC emails are tailored phishing emails targeted at individuals. Any user with access to sensitive data may be targeted. This approach is also known as “whaling” or “spear phishing”.