Business Email Compromise

Stop a CEO impersonation wire fraud.

What Is Business Email Compromise?

Business email compromise (BEC) is the most financially damaging form of cybercrime. The FBI's IC3 reported $2.9 billion in adjusted losses from BEC in 2023 alone, making it the costliest internet crime category by a wide margin. BEC attacks work because they do not rely on malware or malicious links. Instead, they use impersonation and social pressure to trick employees into sending money or sensitive data to attacker-controlled accounts.

In this simulation, you receive an urgent email that appears to come from your CEO, CFO, or another senior executive. The message requests an immediate wire transfer, a change to vendor payment details, or the release of employee W-2 records. The email tone matches the executive's communication style, and it includes a plausible business justification for the request. The sender address may be spoofed to look identical to the real address, or it may come from a lookalike domain that differs by one character.

You will practice the verification workflow that stops these attacks: pausing despite the urgency, checking the actual email header rather than the display name, and confirming the request through a separate communication channel like a direct phone call or an in-person conversation. The exercise demonstrates why BEC messages bypass spam filters (they contain no malicious payload to detect), how attackers research organizational hierarchies to time their requests during leadership travel or busy periods, and why finance teams need standing policies that require multi-person authorization for payment changes and transfers above defined thresholds.
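The header check described above can be automated as a first-pass triage. The following is an added example, not part of the training material: the trusted domains, the one-character sample address and the `Authentication-Results` line are constructed assumptions, and only `news@globaltech-corp.net` is taken from the training steps.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the page never gives the organisations' real domains, so these
# trusted domains are constructed placeholders.
TRUSTED = ("globaltech.example", "nexlify.example")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character domain swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(value):
    """Domain of the address in a header value, ignoring the display name."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def check_sender(raw_message):
    """Return findings for one raw message, based on headers only."""
    msg = message_from_string(raw_message)
    domain = domain_of(msg.get("From"))
    findings = []
    if domain not in TRUSTED:
        for good in TRUSTED:
            brand = good.split(".")[0]  # e.g. "globaltech"
            if brand in domain or edit_distance(domain, good) <= 2:
                findings.append(f"lookalike of {good}: {domain}")
    reply = domain_of(msg.get("Reply-To"))
    if reply and reply != domain:
        findings.append(f"Reply-To goes to a different domain: {reply}")
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        findings.append("DMARC failed: From address may be spoofed")
    return findings

# Constructed sample messages (headers only); the first uses the sender from step 3.
NEWSLETTER = "From: GlobalTech Communications <news@globaltech-corp.net>\nSubject: x\n\n"
ONE_CHAR = "From: James Morrison <ceo@globa1tech.example>\nReply-To: jm@mail.example\n\n"
SPOOFED = ("From: CFO <cfo@globaltech.example>\n"
           "Authentication-Results: mx.nexlify.example; dmarc=fail\n\n")
INTERNAL = "From: Michael Chen <m.chen@globaltech.example>\n\n"

if __name__ == "__main__":
    for raw in (NEWSLETTER, ONE_CHAR, SPOOFED, INTERNAL):
        print(check_sender(raw) or "no header findings")
```

A message sent from a genuine mailbox on a trusted domain, like the second email in the training steps, produces no findings here, which is why confirmation through a separate channel is still required.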

What You'll Learn in Business Email Compromise

Business Email Compromise — Training Steps

  1. Introduction

    Last week, Nexlify was acquired by GlobalTech Industries, a multinational corporation. The merger has created a whirlwind of activity - new processes, unfamiliar systems, and countless emails from the parent company's various departments.

  2. The Chaos of Transition

    Alice's desk is cluttered with merger documents, and her inbox is overflowing with messages from GlobalTech employees she's never met before. The transition has been overwhelming, with new vendor approvals, budget reconciliations, and urgent requests coming in hourly. She barely has time to process everything properly, let alone verify every single communication through official channels.

  3. The Deceptive Newsletter

    Alice notices a new email in her inbox from 'GlobalTech Communications' with the subject line '[URGENT, FOR FINANCE MANAGERS] - New Partnership Announcement.' She clicks the email since the subject implies it's for her. The sender's email address appears to be news@globaltech-corp.net, which looks official enough given all the GlobalTech domains she's been seeing lately.

  4. Clicking the Link

    Alice clicks on the link to read more about the new supplier partnership, thinking it's important to stay informed about parent company developments. The browser opens to what appears to be GlobalTech's internal news portal, complete with company branding and recent merger-related articles.

  5. The Fake Portal

    The article discusses GlobalTech's strategic partnership with 'Meridian Supply Solutions' and emphasizes the urgent need to establish payment channels for immediate project implementation. The website looks professional and contains other legitimate-seeming corporate news, making Alice believe this is genuine company information. What Alice doesn't realize is that this website is fake. By clicking the link, she has unknowingly validated her email address and confirmed she's actively reading communications that appear to be from GlobalTech.

  6. The Urgent Financial Request

    Thirty minutes later, Alice receives another email - this time from the legitimate GlobalTech email system.

  7. The Fatal Decision

    Against her better judgment, Alice decides to process the transfer. She reasons that the email came from a GlobalTech Finance Manager, references the official partnership announcement, and carries an urgent business justification. With everything happening so quickly since the merger, she assumes this must be part of the new corporate procedures she hasn't been fully briefed on yet.

  8. Accessing Payment System

    Alice logs into Nexlify's financial portal and initiates a wire transfer for $85,000 to the bank account details provided in Michael Chen's email.

  9. Submitting The Transfer Details

    She feels a lingering sense of unease but pushes it aside, telling herself she was following instructions from the parent company's finance leadership.

  10. The Shocking Phone Call

    Answer the incoming phone call from CEO James Morrison.