Abstract
This chapter looks at Business Email Compromise, first describing the structure of common aspects of this scam, and then turning to countermeasures. It is worth noting that many other scams have related structures—for example, scammers commonly use stolen accounts both for Business Email Compromise scams and for Stranded Traveler scams (discussed in Chap. 7). Similarly, just as Business Email Compromise scams commonly use spoofing or masquerading using cousin-name domains, many Trojan Horse distribution campaigns masquerade as trusted senders to convince an intended victim to perform actions intended to infect his or her computer.
Notes
- 1.
In one very common version of the BEC scam, a person able to perform payments and transfers in a company receives an email from the CEO of the company—or so it appears—in which the recipient is asked to help perform a transaction. In a version of this scam, also commonly figuring the CEO as the supposed sender of the scam email, a person in HR receives a request to transmit W-2 information about some employees. This information is commonly used to file tax returns on behalf of the employees, effectively allowing the scammer to steal money from the government by obtaining tax refunds on behalf of people they impersonate—whether these people really should expect a refund or not.
- 2.
In fact, many email readers do not even display the sender’s address—this is clearly a problem, as it makes it dramatically easier for an attacker to masquerade as a trusted sender.
- 3.
In a typical typo-squatting attack, an attacker registers a domain with a reasonably common misspelling, hoping that unfortunate users will make a mistake and either direct their browsers to, or send outgoing emails to, a server controlled by the attacker. Typo-squatting is not yet a very common approach among scammers, but it is worth addressing, especially in the context of companies that routinely send confidential information by email.
- 4.
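The abstract and note 3 describe cousin-name and typo-squatted sender domains; one defensive check is to score an inbound sender's domain against the organization's trusted domains with Jaro-Winkler string similarity and flag near-misses for review. The code below is an added example, not code from the chapter; the trusted domains, the sample sender domain and the 0.88 threshold are constructed for illustration.

```python
# Added example: flag "cousin-name" sender domains by Jaro-Winkler similarity
# to a set of trusted domains. Threshold and domains are constructed values.

def jaro(s: str, t: str) -> float:
    """Jaro similarity: common chars within a window, penalised for transpositions."""
    if s == t:
        return 1.0
    if not s or not t:
        return 0.0
    window = max(len(s), len(t)) // 2 - 1
    s_matched = [False] * len(s)
    t_matched = [False] * len(t)
    matches = 0
    for i, ch in enumerate(s):
        lo, hi = max(0, i - window), min(len(t), i + window + 1)
        for j in range(lo, hi):
            if not t_matched[j] and t[j] == ch:
                s_matched[i] = t_matched[j] = True
                matches += 1
                break
    if matches == 0:
        return 0.0
    s_seq = [c for c, m in zip(s, s_matched) if m]
    t_seq = [c for c, m in zip(t, t_matched) if m]
    transpositions = sum(a != b for a, b in zip(s_seq, t_seq)) // 2
    return (matches / len(s) + matches / len(t)
            + (matches - transpositions) / matches) / 3

def jaro_winkler(s: str, t: str, p: float = 0.1, max_prefix: int = 4) -> float:
    """Jaro-Winkler: boost the Jaro score for a shared prefix of up to 4 chars."""
    j = jaro(s, t)
    prefix = 0
    for a, b in zip(s[:max_prefix], t[:max_prefix]):
        if a != b:
            break
        prefix += 1
    return j + prefix * p * (1.0 - j)

def cousin_domain(sender_domain: str, trusted: set, threshold: float = 0.88):
    """Return the trusted domain a lookalike sender resembles, or None if clean."""
    d = sender_domain.lower().strip()
    if d in trusted:  # exact match is a legitimate domain, not a lookalike
        return None
    best = max(trusted, key=lambda good: jaro_winkler(d, good))
    return best if jaro_winkler(d, best) >= threshold else None

if __name__ == "__main__":
    trusted = {"example.com", "example-corp.com"}  # constructed trusted set
    for dom in ("examp1e.com", "example.com", "unrelated.org"):
        print(dom, "->", cousin_domain(dom, trusted))
```

A hit means the message should be held or annotated for the recipient; pair this with DMARC checks on the exact trusted domains, since lookalike domains pass DMARC for the attacker's own domain.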
© 2016 Springer Science+Business Media New York
About this chapter
Cite this chapter
Jakobsson, M. (2016). Case Study: Business Email Compromise. In: Jakobsson, M. (eds) Understanding Social Engineering Based Scams. Springer, New York, NY. https://doi.org/10.1007/978-1-4939-6457-4_11
DOI: https://doi.org/10.1007/978-1-4939-6457-4_11
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4939-6455-0
Online ISBN: 978-1-4939-6457-4
eBook Packages: Computer Science (R0)