Business Email Compromise (BEC) Investigation
A Business Email Compromise (BEC) attack appears in many forms ranging from simple to elaborate. Digital Forensics Now typically observes a mixture of technical and non-technical manipulation leading to the threat actor’s end goal of stealing money and/or data.
A BEC may result from an Accounts Receivable employee receiving a malicious email from the legitimate email account of the Chief Financial Officer (CFO). Unbeknownst to the Accounts Receivable employee, the CFO’s account is compromised, and the emailed instruction to pay an invoice (to an updated bank account) is actually unauthorized. In another BEC scenario, an employee receives an email containing an attachment or a link directing them to enter their credentials to gain access to a shared file, folder, service, or voicemail. Preoccupied with another task, or concerned they will not receive the information they need, they enter their username and password. Unfortunately, this is another threat actor tactic for obtaining credentials in order to compromise an account.
Regardless of how the BEC occurs or what the end result is, Digital Forensics Now is here to analyze the sequence of events from beginning to end. Digital Forensics Now is also here to provide analysis and guidance for you and your organization to ensure you’re taking the necessary steps to secure your environment from current and future threats.