What is Business Email Compromise?





I recently read a press release from the Federal Bureau of Investigation that reported more than $12 billion in financial fraud losses from a vector they call business email compromise. Here at Agari, we think of business email compromise as any attack which claims to be someone you know and trust, and is attempting some kind of theft. The most classic example is a criminal figures out who the CEO of an enterprise is, they send an email purporting to be that CEO and they asked the CFO, please wire this money, please complete this transaction, please pay this invoice urgently.

And often times the CFO does this, paying the money, not to the real recipient that the CEO is mentioning, but the impersonated account, which the criminal has provided. This has been far too successful. It's an example of identity impersonation. And we here at Agari believe it's time to put a stop to that vector and to see the future FBI reports talk about the tremendous decline of business email compromise. Thank you.