NPC Security Alerts
Business Email Compromise (BEC) aka CEO Fraud

August 19th, 2015

What's the issue?

There has been a recent increase in BEC (Business Email Compromise) scams, also known as CEO Fraud or Wire Payment Scam. It is an increasingly common scam cybercriminals are using to steal money from companies. The cybercriminals use a series of tricks to gain access into the email account of a CEO, CFO, COO or an executive in the company, to gather information that will allow them to convincingly impersonate the executive with detailed company information, and then fraudulently order payments to the criminals' accounts.

On August 6, 2015 Ubiquiti Networks Inc., a networking firm, disclosed that they were victims of a criminal fraud where cybercriminals stole $46.7 million. In Ubiquiti's quarterly financial report filed with the U.S. Securities and Exchange Commission (SEC), it reads:

"The incident involved employee impersonation and fraudulent requests from an outside entity targeting the Company's finance department. This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties. As soon as the Company became aware of this fraudulent activity it initiated contact with its Hong Kong subsidiary's bank and promptly initiated legal proceedings in various foreign jurisdictions. As a result of these efforts, the Company has recovered $8.1 million of the amounts transferred."

How does this scam work?

The BEC scam is not something that happens overnight. Cyber-thieves primary methodology to gather information is to send the executive fraudulent emails laced with malware to gain access to their email account. The cybercriminals are meticulous and spend time learning the ins and outs of a business. By identifying local and foreign suppliers, the details of regular payment activities like size of payments, frequency, document numbering, payment protocols, and studying emails of the executives in the company, they are able to impersonate them in a familiar voice.

Through monitoring the communications and possibly acquiring the executive's various logins, they can create a “spoof” email account that looks similar to the executives or the company's email. Also, as cybersecurity expert Brian Krebs explains, “unlike traditional phishing scams, spoofed emails used in CEO fraud schemes are unlikely to set off spam traps, because these are targeted phishing scams that are not mass e-mailed.”

The cybercriminals target a great variety and size of company. To remain undetected for as long as possible, they particularly focus on companies that regularly perform Electronic Funds Transfers (EFT's) or wire transfer payments.

Other than attacking the executive with authority in a company, two variations occur. By studying the communications of a hacked executive's email, or by directly hacking an employee's email, a person is identified who has regular financial communications with vendor suppliers. The cyber-thieves then, spoofing the hacked employee's email, direct suppliers to pay to an alternate account. Cyber-thieves will also, after studying the relationships of the target company, write the target company in the voice and style of a supplier, requesting the supplier's payments be re-directed to an alternate account.

What does this mean to me?

The Internet Crime Complaint Centre (IC3) released statistics for 2013-2014, which states that there were 2126 victims of BEC reported, with a high concentration in North America, for a combined total of $215 million stolen from businesses. This represents an average theft size of $101,128. While only a modest percentage of BEC crimes are reported for tracking, it is clear 2014-2015 is seeing an increase. No matter the size of your company, it is important to take precautions, especially with email communication. The cybercriminals tactics are so sophisticated that these scams can be overlooked until considerable loss is detected and it is too late to reverse the transactions.

What should I do?

  • Do not open any email attachments you are not expecting, or click on unknown ads or links on websites you are unfamiliar with.
  • Ensure you have a current and fully patched operating system, office suite, web browser and a powerful and up-to-date anti-malware suite.
  • Avoid using personal email accounts, or free web-based email for business.
  • Be vigilant with your email communications, make sure you are communicating with a familiar or real email account, with special attention paid to sudden process changes or urgent requests.
  • Be careful not to disclose in social media, etc., the vacation or travel agenda of executives.
  • Ensure that your company has in place a two-step verification for important activities and account transactions, the second step being a person-to-person voice call when changes occur to transaction processes or over certain financial limits.

For more information

If you have any questions or concerns, do not hesitate to call the support centre at 1-855-667-2642 or email


NPC Security Alerts

Receive our NPC Security Alerts email to stay on top of the most important security threats to your devices, data, and your privacy. We do not use this list for any other purpose.

Sign up now