
The cybercrime that tricks even security-savvy workers

Sophisticated hackers impersonate colleagues and authority figures to infiltrate networks and steal millions

Cybercriminals have found a devastatingly effective way to breach corporate defenses: they simply pretend to be the boss. Business email compromise attacks, which involve impersonating trusted colleagues and authority figures, have become the second most expensive cybercrime globally, causing over $2.7 billion in losses according to the FBI Internet Crime Report.

Unlike traditional phishing scams that rely on obvious red flags, these sophisticated attacks exploit the fundamental trust employees place in their colleagues. Even the most cyber-aware staff members can fall victim when they believe they’re responding to a legitimate request from their manager or CEO.

“From a technical standpoint, business email compromise is a very effective attack because it doesn’t require the use of malware, which makes them easier to deploy and they can go undetected by standard cybersecurity tools,” explains Vakaris Noreika, a cybersecurity expert at NordStellar, a threat management platform. “They’re a more sophisticated version of common phishing scams. However, the reason for their efficiency lies in the target — a single compromised account is enough for cybercriminals to access internal networks.”

The perfect corporate disguise

These attacks represent a significant evolution in cybercrime tactics. Rather than casting a wide net with generic spam emails, criminals now invest considerable time researching their targets. They scour LinkedIn profiles, company websites, and public databases to understand organizational structures, identify key personnel, and craft convincing impersonations.

The process typically begins with cybercriminals creating look-alike domains that closely resemble legitimate company email addresses. Armed with insider knowledge about company operations and personnel, they then craft emails requesting credentials, sensitive data, or wire transfers — all while appearing to come from trusted sources within the organization.

“Attacks that utilize data available online are more standard, resembling basic social engineering scams. However, since they’re targeting companies — not individuals — they usually carry the potential of more significant monetary gain for cybercriminals,” Noreika notes. “Even without gaining access to the network, hackers can trick employees into transferring company funds to their controlled accounts, get their hands on confidential data that they can sell to competitors or publish on the dark web.”

Advanced tactics raise the stakes

The most sophisticated business email compromise attacks involve criminals who have already infiltrated corporate email systems. These hackers monitor daily conversations, learning communication patterns and waiting for optimal moments to strike.

“If they manage to infiltrate an account to collect intelligence, hackers could be waiting for the perfect opportunity to request a wire transfer by impersonating a vendor or re-direct employee salary payments,” Noreika explains. “However, business email compromises are often a gateway to deploy more damaging attacks. Once inside the network, cybercriminals can facilitate a ransomware attack, spread malware to employees, clients, and partners, and deploy supply chain attacks.”

This patient approach makes detection extremely difficult. When criminals have spent weeks or months studying internal communications, their eventual requests can appear perfectly legitimate and appropriately timed.

Building business defenses

Organisations face a unique challenge in defending against these attacks because they exploit human psychology rather than technical vulnerabilities. Traditional cybersecurity tools often fail to detect business email compromise attempts since they don’t rely on malicious software or obviously suspicious content.

Noreika emphasizes that comprehensive employee education represents the first line of defense. “Even the most cyber-aware user can fall victim to business email compromise attacks because they exploit the added layer of trust that comes with impersonating a person of authority in the organization,” he says. “As a result, businesses should educate their employees on this specific type of attack — what constitutes suspicious activity and how to adopt a better-safe-than-sorry approach.”

Companies should also implement robust verification procedures, particularly for financial transactions and sensitive data requests. Requiring written documentation and dual approvals for wire transfers and confidential information sharing can prevent criminals from succeeding even when employees are deceived.

Proactive monitoring of the dark web for leaked employee credentials provides another crucial defense layer. “The quicker security teams can spot a cybersecurity incident, the less damage it can cause,” Noreika advises. “Once the organization is aware of any leaked credentials associated with its employees, it can take appropriate actions, such as preparing for a potential data breach and informing the affected users to stay on high alert.”

For compromised accounts, organisations should immediately enforce multi-factor authentication, reset passwords, and monitor for suspicious activity patterns such as unusual login attempts.


Yajush Gupta

Yajush is a journalist at Dynamic Business. He previously worked with Reuters as a business correspondent and holds a postgrad degree in print journalism.
