The Anatomy of a BEC Attack

2 min read Advanced Security Topics

The Anatomy of a BEC Attack

Successful BEC attacks follow methodical approaches:

Phase 1: Research and Reconnaissance

Study organizational structures through websites and social media
Identify key personnel in finance and decision-making roles
Monitor executive travel schedules and activities
Analyze communication patterns and writing styles
Research business relationships and ongoing projects

Phase 2: Infrastructure Setup

Register lookalike domains (e.g., cornpany.com vs company.com)
Create convincing email accounts
Set up money mule networks for fund transfers
Establish communication channels that avoid detection
Prepare supporting documents and materials

Phase 3: Initial Compromise (If Needed)

Deploy targeted phishing to gain account access
Install keyloggers to capture credentials
Compromise email systems for internal intelligence
Set up email forwarding rules to monitor communications
Delete traces of intrusion

Phase 4: Attack Execution

Time the attack when verification is difficult
Craft convincing messages matching known patterns
Create urgency while discouraging verification
Provide detailed instructions for fund transfers
Respond quickly to maintain momentum

Phase 5: Money Movement

Direct funds to mule accounts
Quickly disperse money through multiple transfers
Convert to cryptocurrency or cash
Move funds internationally to complicate recovery
Abandon infrastructure to avoid tracking