Business email compromise is a targeted form of digital fraud in which attackers exploit internal business processes through manipulated or compromised email communication. The goal is to redirect payments, steal sensitive data or manipulate processes.
Small and medium-sized companies in particular are increasingly affected by the compromise of their e-mail communication. Our incident response management team also deals with attacks of this kind almost every day. Now, nearly half of all cases reported to 24/7 emergency response are business email compromise (BEC). Our case study shows how attackers proceed in concrete terms – and what steps you can take immediately to better protect your company.
A medium-sized company commissioned an IT service company to set up new servers. After completion of the project, the accounting department received a detailed final invoice by e-mail and transferred the required amount to the specified account.
A few weeks later, however, the IT company contacted the customer and asked why the invoice had not yet been paid. The subsequent review showed that the real invoice had never arrived – instead, the accounting department had paid on the basis of a fake e-mail in which the bank account details had been manipulated.
The forensic analysis revealed that attackers had previously gained access to an employee’s Microsoft 365 account via a phishing email. With the compromised account, they were able to read email traffic in Outlook, monitor the communication with the IT company and thus create a deceptively real-looking fake invoice. They then sent this fake invoice, carrying false payment information, to the accounting department.
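The control that would have caught the fraud above is a mechanical comparison of the payment details on an incoming invoice against the vendor record agreed when the contract was signed. The following is an added example, not code from the original article or from the company involved: a small accounts-payable check that parses an invoice email, validates any IBAN it finds with the standard mod-97 check, and flags a mismatch against the vendor master, an unknown sender, or wording that announces "new bank details". The vendor record, the domain `it-services.example`, the email addresses and both invoice emails are constructed for the example.

```python
"""Added example: accounts-payable verification of invoice payment details.

Assumptions (all constructed for this example, not from the article):
- VENDOR_MASTER holds bank details captured out-of-band at onboarding.
- Invoices arrive as plain-text emails with standard headers.
"""
import re
from dataclasses import dataclass
from email import message_from_string

# Constructed vendor master record (hypothetical vendor and IBAN).
VENDOR_MASTER = {
    "it-services.example": {
        "name": "Example IT Services GmbH",
        "iban": "DE89370400440532013000",
        "contacts": {"billing@it-services.example"},
    },
}

# Matches an IBAN written with or without grouping spaces.
IBAN_RE = re.compile(r"\b([A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}(?:\s?[A-Z0-9]{1,4})?)\b")
# Phrases that typically accompany a manipulated invoice.
CHANGE_RE = re.compile(r"new (bank )?account|updated (bank )?details", re.I)


@dataclass
class Finding:
    severity: str
    message: str


def iban_valid(iban: str) -> bool:
    """ISO 7064 mod-97 check: move the first four characters to the end,
    replace letters with 10..35 and the number must leave remainder 1."""
    s = iban.replace(" ", "").upper()
    if len(s) < 15 or not s[:2].isalpha():
        return False
    rearranged = s[4:] + s[:4]
    numeric = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(numeric) % 97 == 1


def check_invoice(vendor_key: str, raw_email: str) -> list[Finding]:
    """Compare the payment details in an invoice email with the vendor master.
    vendor_key is the vendor the invoice claims to come from."""
    vendor = VENDOR_MASTER[vendor_key]
    msg = message_from_string(raw_email)
    sender = msg.get("From", "")
    m = re.search(r"<([^>]+)>", sender)
    sender_addr = (m.group(1) if m else sender).strip().lower()
    body = msg.get_payload()  # plain text in this example

    findings: list[Finding] = []
    # The fake invoice in the case study came from an internal mailbox,
    # not from the vendor's own billing contact.
    if sender_addr not in vendor["contacts"]:
        findings.append(Finding("medium", f"sender {sender_addr} is not a known billing contact"))

    ibans = [x.replace(" ", "").upper() for x in IBAN_RE.findall(body)]
    if not ibans:
        findings.append(Finding("medium", "no IBAN found in invoice body"))
    for iban in ibans:
        if not iban_valid(iban):
            findings.append(Finding("medium", f"malformed IBAN {iban}"))
        elif iban != vendor["iban"]:
            findings.append(Finding("high",
                f"IBAN {iban} differs from vendor master {vendor['iban']}; "
                "confirm by phone on the number on file before paying"))

    if CHANGE_RE.search(body):
        findings.append(Finding("medium", "invoice announces changed bank details"))
    return findings


# Constructed sample: a manipulated invoice relayed from a compromised internal
# mailbox, with the attacker's account in place of the vendor's.
FAKE_INVOICE = """\
From: Colleague <employee@victim.example>
To: accounts@victim.example
Subject: FW: Final invoice - server project

Dear accounting team,
please find the final invoice for the server setup below.
Please note our new bank account for this payment:
IBAN: DE75 5121 0800 1245 1261 99
Kind regards
"""

# Constructed sample: the genuine invoice as the vendor would have sent it.
GENUINE_INVOICE = """\
From: Billing <billing@it-services.example>
To: accounts@victim.example
Subject: Final invoice - server project

Dear accounting team,
please find the final invoice for the server setup below.
IBAN: DE89 3704 0044 0532 0130 00
Kind regards
"""

if __name__ == "__main__":
    for label, mail in (("fake", FAKE_INVOICE), ("genuine", GENUINE_INVOICE)):
        print(label, check_invoice("it-services.example", mail) or "OK")
```

The vendor key is supplied by the clerk from the purchase order, not read from the email, because the sender field is exactly what a compromised mailbox lets the attacker control. A "high" finding should block payment until the vendor confirms the details on a phone number already on file, not one quoted in the email.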