
Case Study: Business Email Compromise

Chapter in: Understanding Social Engineering Based Scams

Abstract

This chapter looks at Business Email Compromise, first describing the structure of common aspects of this scam, and then turning to countermeasures. It is worth noting that many other scams have related structures—for example, scammers commonly use stolen accounts for both Business Email Compromise scams and for Stranded Traveler scams (discussed in Chap. 7). Similarly, just as Business Email Compromise scams commonly use spoofing or masquerading using cousin-name domains, many Trojan Horse distribution campaigns masquerade as trusted senders to convince an intended victim to perform actions intended to infect his or her computer.


Notes

  1. In one very common version of the BEC scam, a person able to perform payments and transfers in a company receives an email from the CEO of the company—or so it appears—in which the recipient is asked to help perform a transaction. In a version of this scam, also commonly figuring the CEO as the supposed sender of the scam email, a person in HR receives a request to transmit W-2 information about some employees. This information is commonly used to file tax returns on behalf of the employees, effectively allowing the scammer to steal money from the government by obtaining tax refunds on behalf of people they impersonate—whether these people really should expect a refund or not.

  2. In fact, many email readers do not even display the sender’s address—this is clearly a problem, as it dramatically simplifies the task of impersonating users.

  3. In a typical typo-squatting attack, an attacker registers a domain with a reasonably common misspelling, hoping that unfortunate users will make a mistake and direct either their browsers or their outgoing emails to a server controlled by the attacker. Typo-squatting is not yet a very common approach among scammers, but it is worth addressing, especially in the context of companies that send confidential information by email.

  4. https://whois.icann.org/en.
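Notes 2 and 3 describe the two masquerading tricks the chapter is concerned with: mail readers that hide the sender address, and lookalike (cousin-name or typo-squatted) domains. The following Python script is an added example, not code from the chapter or its author: it extracts the domain from a From: header, scores it against the organisation's own domain with Jaro-Winkler string similarity, and flags near misses for review rather than trusting a familiar-looking display name. The domain names, the sample headers and the 0.9 threshold are constructed assumptions for illustration.

```python
"""Flag cousin-name sender domains with Jaro-Winkler similarity.

Added example (not from the chapter). The trusted domain, threshold and
sample headers are constructed for illustration only.
"""
from email.utils import parseaddr


def jaro(s1: str, s2: str) -> float:
    """Jaro similarity in [0, 1]; 1.0 means the strings are identical."""
    if s1 == s2:
        return 1.0
    len1, len2 = len(s1), len(s2)
    if len1 == 0 or len2 == 0:
        return 0.0
    # Two characters only count as a match if they sit within this distance.
    window = max(0, max(len1, len2) // 2 - 1)
    matched1 = [False] * len1
    matched2 = [False] * len2
    matches = 0
    for i, ch in enumerate(s1):
        lo, hi = max(0, i - window), min(len2, i + window + 1)
        for j in range(lo, hi):
            if not matched2[j] and s2[j] == ch:
                matched1[i] = matched2[j] = True
                matches += 1
                break
    if matches == 0:
        return 0.0
    # Transpositions: matched characters that occur in a different order.
    seq1 = [c for c, m in zip(s1, matched1) if m]
    seq2 = [c for c, m in zip(s2, matched2) if m]
    transpositions = sum(a != b for a, b in zip(seq1, seq2)) // 2
    return (matches / len1 + matches / len2
            + (matches - transpositions) / matches) / 3


def jaro_winkler(s1: str, s2: str, p: float = 0.1) -> float:
    """Jaro-Winkler: boosts the Jaro score for a shared prefix of up to 4 chars."""
    j = jaro(s1, s2)
    prefix = 0
    for a, b in zip(s1[:4], s2[:4]):
        if a != b:
            break
        prefix += 1
    return j + prefix * p * (1.0 - j)


# Constructed: the organisation's own domain(s) and a threshold to tune on real mail flow.
TRUSTED_DOMAINS = ["example.com"]
LOOKALIKE_THRESHOLD = 0.9


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From: header, or ''."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS,
                    threshold=LOOKALIKE_THRESHOLD) -> str:
    """Classify a sender as trusted, lookalike (cousin-name domain), external or malformed.

    The display name is deliberately ignored: it is attacker-controlled and,
    as note 2 observes, often the only thing the recipient's mail reader shows.
    """
    domain = sender_domain(from_header)
    if not domain:
        return "malformed"
    if domain in trusted:
        return "trusted"
    best = max(jaro_winkler(domain, t) for t in trusted)
    return "lookalike" if best >= threshold else "external"


def triage(from_headers):
    """Classify a batch of From: header values; returns (header, verdict) pairs."""
    return [(h, classify_sender(h)) for h in from_headers]


if __name__ == "__main__":
    # Constructed sample headers: a genuine internal sender, two lookalike
    # domains (digit-for-letter swap, dropped TLD character) and an unrelated one.
    samples = [
        "Alice Ceo <alice@example.com>",
        "Alice Ceo <alice@examp1e.com>",
        "Alice Ceo <alice@example.co>",
        "Bob <bob@partnerbank.net>",
    ]
    for header, verdict in triage(samples):
        print(f"{verdict:10s} {header}")
```

Only "trusted" and "external" are safe to act on automatically; a "lookalike" verdict should route the message to human review, since the recipient's own eyes are exactly what the cousin-name domain is designed to fool.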



Copyright information

© 2016 Springer Science+Business Media New York

About this chapter

Cite this chapter

Jakobsson, M. (2016). Case Study: Business Email Compromise. In: Jakobsson, M. (eds) Understanding Social Engineering Based Scams. Springer, New York, NY. https://doi.org/10.1007/978-1-4939-6457-4_11


  • DOI: https://doi.org/10.1007/978-1-4939-6457-4_11

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4939-6455-0

  • Online ISBN: 978-1-4939-6457-4
