Technical Aspects of BEC

1 min read Advanced Security Topics

Technical Aspects of BEC

While primarily social engineering, BEC often involves technical elements:

Email Spoofing Techniques:

Display name spoofing to show executive names
Domain spoofing using lookalike domains
Compromised email accounts for authenticity
Reply-to manipulation directing responses elsewhere
Unicode characters creating visual similarity

Account Takeover Methods:

Credential phishing targeting specific employees
Password spraying using common passwords
Exploiting password reuse from breached databases
Session hijacking through malware
Social engineering of password resets

Persistence Techniques:

Email forwarding rules hiding attacker access
Deleted items retention bypassing
Calendar access for intelligence gathering
Contact list harvesting for future attacks
Mobile device synchronization exploitation