A business email compromise (BEC) attack is tough to catch in the wild. An email directly from the company CEO to the finance department, requesting an urgent money transfer to an unknown account, claiming that the funds are for a top-secret company acquisition, would look legitimate on the surface. It may even be from a legitimate email account. Besides this being an unusual request and outside a company’s typical payment process, an unsuspecting victim can easily be duped into obliging.

This is what a typical BEC attack looks like. It is a sophisticated phishing scam that targets business email accounts by impersonating company executives and tricking victims into transferring funds or leaking confidential information. These attacks don't discriminate—tech giants such as Google and Facebook and even small businesses have fallen victim to such attacks.

BEC attacks are becoming increasingly sophisticated, with criminals using advanced technologies of their own to execute attacks. Traditional email security solutions cannot keep up, paving the way for solutions that leverage behavioral analysis and AI to tackle this billion-dollar problem.

But how does BEC actually work and what are the new technologies out there to address this? This EDGE Insight aims to answer just that.