BEC costs businesses billions every year. Learn how attackers impersonate executives to steal money without using a single virus.
Business Email Compromise (BEC), or CEO Fraud, is a sophisticated scam. It bypasses firewalls because it doesn't contain malware—just a convincing lie from a "boss".
The Attack Flow
1. Research
Attacker identifies the CFO and CEO via LinkedIn.
2. Spoofing
Creates a fake email (ceo@c0mpany.com) or compromises the real account.
3. The Ask
Emails CFO: 'Urgent: Wire $50k to this vendor. I'm in a meeting.'
4. The Loss
CFO complies out of fear/urgency. Money is gone.
Why It Works
No Malware: Zero viruses to scan for. It relies on social engineering.
High Cost: BEC losses often dwarf credit card fraud (Millions vs. Thousands).
Psychology: Exploits the desire to please leadership.
Red Flags
Unusual Urgency ('Do this NOW')
Secrecy ('Don't tell anyone yet')
Domain Spoofing (check the sender address carefully)
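The three red flags above can be checked mechanically as a first-pass mail filter. The following is an added example, not code from the original page: it flags a sender domain that imitates a trusted one (such as the c0mpany.com address in step 2) together with urgency and secrecy wording. TRUSTED_DOMAINS, the homoglyph table, the phrase lists and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"company.com"}  # assumption: the organisation's real domain
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
CHECKS = {  # heuristic phrase lists (assumed); tune them to your own mail
    "urgency": re.compile(r"\b(urgent|now|immediately|asap|right away)\b", re.I),
    "secrecy": re.compile(r"don.?t tell|keep this (quiet|confidential)", re.I),
}

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if domain in TRUSTED_DOMAINS:
        return None
    folded = domain.translate(HOMOGLYPHS)  # c0mpany.com -> company.com
    for trusted in TRUSTED_DOMAINS:
        # Digit-for-letter swap, or a single-character typo (conpany.com)
        if folded == trusted.translate(HOMOGLYPHS) or edit_distance(domain, trusted) <= 1:
            return trusted
    return None

def red_flags(raw_email):
    """List the red flags found in one plain-text RFC 5322 message."""
    msg = message_from_string(raw_email)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    imitated = lookalike_of(domain)
    flags = [f"lookalike-domain:{domain}~{imitated}"] if imitated else []
    return flags + [name for name, rx in CHECKS.items() if rx.search(text)]

# Constructed sample message modelled on the attack flow above
SPOOFED = """From: "CEO" <ceo@c0mpany.com>
Subject: Urgent: wire transfer

Wire $50k to this vendor. I'm in a meeting. Don't tell anyone yet.
"""

if __name__ == "__main__":
    print(red_flags(SPOOFED))
```

A check like this only covers the spoofed-domain case; a request sent from the compromised real account passes the domain test, which is why the out-of-band verification in the takeaway below still applies.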
Key Takeaway
"The best defense is process. Always verify payment requests via a secondary channel (voice call) if they come via email."