Business Email Compromise
Stop a CEO impersonation wire fraud.
What You'll Learn in Business Email Compromise
- Identify email spoofing and lookalike domains by inspecting the full sender address in email headers rather than trusting the display name
- Apply multi-channel verification for financial requests by confirming through phone calls, in-person contact, or pre-established secure channels
- Recognize the urgency and authority tactics BEC attackers use to pressure employees into bypassing normal approval processes
- Explain why BEC emails often slip past spam and phishing filters: they typically carry no malicious link, attachment, or payload, only a plausible request written in plain language
- Implement organizational controls including multi-person authorization for wire transfers and mandatory verification for payment detail changes
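The header checks behind the first objective, as an added example that is not part of the training material: it parses a message's From, Reply-To and Return-Path headers, compares the display name with the real sender domain, and flags lookalike domains such as the scenario's globaltech-corp.net. The trusted domains (globaltech.com, nexlify.com), the sample headers and the similarity threshold are assumptions made for this illustration.

```python
import email
from email.utils import parseaddr
from difflib import SequenceMatcher
from typing import Optional

# Assumed: the domains the organisation really sends mail from.
TRUSTED_DOMAINS = {"globaltech.com", "nexlify.com"}


def domain_of(addr: str) -> str:
    """Domain part of an address, lower-cased ('' if there is no @)."""
    return addr.rpartition("@")[2].lower()


def brand_label(domain: str) -> str:
    """Label left of the top-level domain, e.g. 'globaltech-corp' for globaltech-corp.net.
    Good enough here; a production check would consult the public suffix list."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else domain


def lookalike_of(domain: str, trusted=frozenset(TRUSTED_DOMAINS)) -> Optional[str]:
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    if domain in trusted:
        return None
    label = brand_label(domain)
    for t in sorted(trusted):
        t_label = brand_label(t)
        # Same brand with another TLD or a bolted-on suffix: globaltech.co, globaltech-corp.net
        if label == t_label or label.startswith(t_label + "-") or label.endswith("-" + t_label):
            return t
        # Typosquat: a character or two changed or inserted, e.g. globa1tech (assumed threshold)
        if SequenceMatcher(None, label, t_label).ratio() >= 0.85:
            return t
    return None


def inspect_headers(raw_message: str) -> dict:
    """Parse the headers and list the reasons a reader should distrust the sender."""
    msg = email.message_from_string(raw_message)
    display_name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    sender_dom = domain_of(addr)
    findings = []

    imitated = lookalike_of(sender_dom)
    if imitated:
        findings.append(f"sender domain {sender_dom} is a lookalike of {imitated}")

    # The display name is free text: anyone can write 'GlobalTech Communications' there.
    squashed = display_name.lower().replace(" ", "")
    for t in sorted(TRUSTED_DOMAINS):
        if brand_label(t) in squashed and sender_dom != t:
            findings.append(f"display name '{display_name}' claims {t} but address is {addr}")
            break

    # Replies or bounces routed somewhere other than the shown address: classic BEC plumbing.
    if reply_to and domain_of(reply_to) != sender_dom:
        findings.append(f"Reply-To goes to {domain_of(reply_to)}, not {sender_dom}")
    if return_path and domain_of(return_path) != sender_dom:
        findings.append(f"Return-Path is {domain_of(return_path)}, not {sender_dom}")

    return {"display_name": display_name, "address": addr, "domain": sender_dom, "findings": findings}


# Constructed sample headers (not taken from any real message): the scenario's newsletter,
# a display-name-only spoof with diverted Reply-To/Return-Path, and a genuine message.
NEWSLETTER = """\
From: GlobalTech Communications <news@globaltech-corp.net>
To: alice.thompson@nexlify.com
Subject: [URGENT, FOR FINANCE MANAGERS] - New Partnership Announcement

Read more about our new supplier partnership.
"""

DISPLAY_NAME_SPOOF = """\
From: GlobalTech Finance <finance-desk@gt-secure-mail.example>
Reply-To: gt.finance.reply@outlook.com
Return-Path: <bounce@mailer-123.example>
To: alice.thompson@nexlify.com
Subject: Re: payment channel

Please confirm the wire today.
"""

GENUINE = """\
From: GlobalTech HR <hr@globaltech.com>
To: alice.thompson@nexlify.com
Subject: Benefits enrolment

Enrolment closes Friday.
"""

if __name__ == "__main__":
    for sample in (NEWSLETTER, DISPLAY_NAME_SPOOF, GENUINE):
        result = inspect_headers(sample)
        print(result["address"], "->", result["findings"] or ["no findings"])
```

The point of the display-name check is the one the objective makes: a mail client shows the name, not the address, and the name is attacker-controlled text. The lookalike test is deliberately simple; a real gateway would also consult SPF/DKIM results and a public suffix list.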
Business Email Compromise Training Steps
Introduction
Alice Thompson is a Financial Manager at Nexlify Solutions, a mid-sized software company. Last week, Nexlify was acquired by GlobalTech Industries, a multinational corporation. The merger has created a whirlwind of activity - new processes, unfamiliar systems, and countless emails from the parent company's various departments.
The Chaos of Transition
Alice's desk is cluttered with merger documents, and her inbox is overflowing with messages from GlobalTech employees she's never met before. The transition has been overwhelming, with new vendor approvals, budget reconciliations, and urgent requests coming in hourly. She barely has time to process everything properly, let alone verify every single communication through official channels.
The Deceptive Newsletter
Alice notices a new email in her inbox from 'GlobalTech Communications' with the subject line '[URGENT, FOR FINANCE MANAGERS] - New Partnership Announcement'. She opens it because the subject implies it is meant for her. The sender's address is news@globaltech-corp.net, which looks official enough given all the GlobalTech domains she has been seeing lately; she does not stop to check whether globaltech-corp.net is really one of GlobalTech's domains.
Clicking the Link
Alice clicks on the link to read more about the new supplier partnership, thinking it's important to stay informed about parent company developments. The browser opens to what appears to be GlobalTech's internal news portal, complete with company branding and recent merger-related articles.
Introduction
The article discusses GlobalTech's strategic partnership with 'Meridian Supply Solutions' and emphasizes the urgent need to establish payment channels for immediate project implementation. The website looks professional and contains other legitimate-seeming corporate news, so Alice takes it for genuine company information. However, it is a fake site built by the attacker, Bob, to look like GlobalTech's portal. By clicking the link, Alice has unknowingly confirmed to Bob that her email address is live and that she reads and acts on messages that appear to come from GlobalTech. Bob now knows his social engineering approach is working and that Alice has been primed with the story of the fake supplier.
The Urgent Financial Request
Thirty minutes later, Alice receives another email, this time from the legitimate GlobalTech email system. Michael Chen, a GlobalTech Finance Manager, references the partnership announcement and asks her to wire $85,000 to Meridian Supply Solutions using the bank account details in the email, stressing that the payment is urgent.
The Fatal Decision
Against her better judgment, Alice decides to process the transfer. She reasons that the email came from a GlobalTech Finance Manager, references the official partnership announcement, and carries an urgent business justification. With everything happening so quickly since the merger, she assumes this must be part of the new corporate procedures she hasn't been fully briefed on yet.
Accessing Payment System
Alice logs into Nexlify's financial portal and initiates a wire transfer for $85,000 to the bank account details provided in Michael Chen's email.
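A pre-release gate for the payment system that would have held this transfer, as an added example (not from the training page): it applies the controls from the learning objectives, comparing the beneficiary with a vendor master record, accepting callback verification only to the phone number of record, requiring a second channel for emailed instructions, and two approvers above a threshold. The vendor master, the threshold and the request values are constructed for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumed vendor master file: the only accepted source of bank details and of the phone
# number used for callbacks. Values are constructed for this example.
VENDOR_MASTER: Dict[str, dict] = {
    "Acme Hosting": {"account": "GB29NWBK60161331926819", "callback_phone": "+44 20 7946 0000"},
    # "Meridian Supply Solutions" is deliberately absent: it was never onboarded.
}
DUAL_APPROVAL_THRESHOLD = 25_000  # assumed policy value


@dataclass
class WireRequest:
    vendor: str
    amount: float
    account: str                  # beneficiary account as given in the instruction
    channel: str                  # where the instruction arrived: "email", "vendor_portal", ...
    callback_phone_used: Optional[str] = None   # number the requester says they called back
    approvers: List[str] = field(default_factory=list)


def evaluate(req: WireRequest) -> Tuple[bool, List[str]]:
    """Return (release_ok, holds). Any hold blocks the transfer until a human clears it."""
    holds: List[str] = []
    record = VENDOR_MASTER.get(req.vendor)
    details_changed = record is None or record["account"] != req.account

    # A callback counts only if it went to the number of record, never to a number
    # supplied in the same email that asked for the money.
    verified = record is not None and req.callback_phone_used == record["callback_phone"]

    if record is None:
        holds.append("vendor not in master file: onboard via procurement before any payment")
    if details_changed and not verified:
        holds.append("new or changed bank details: callback to the phone number of record required")
    if req.channel == "email" and not verified:
        holds.append("instruction arrived by email: confirm on a second channel before release")
    if req.amount >= DUAL_APPROVAL_THRESHOLD and len(set(req.approvers)) < 2:
        holds.append(f"amount >= {DUAL_APPROVAL_THRESHOLD}: two distinct approvers required")

    return (not holds, holds)


if __name__ == "__main__":
    # The scenario's transfer: unknown vendor, details from an email, no callback, one approver.
    alice = WireRequest("Meridian Supply Solutions", 85_000, "DE00CONSTRUCTED0000000000",
                        "email", None, ["alice.thompson"])
    ok, holds = evaluate(alice)
    print("release" if ok else "HOLD", holds)
```

The gate is indifferent to how convincing the email was: the hold fires on the properties of the request itself (unknown beneficiary, unverified details, single approver), which is what makes it effective against a message that carries no payload for a filter to catch.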
Submitting The Transfer Details
She feels a lingering sense of unease but pushes it aside, telling herself she was following instructions from the parent company's finance leadership.
The Shocking Phone Call
Answer the incoming phone call from CEO James Morrison.