Business Nightmare: Business E-Mail Compromise (BEC)

Cyber fraudsters have recently targeted businesses and their employees, leaving them with significant losses. Cyber fraud causes serious damage to organizations and these crimes cannot be detected in a short time. In recent years, it takes an average of 206 days to detect a cyber breach, 95% of malware is sent via email, more than 60% of businesses are exposed to phishing and social engineering attacks, and high amounts of business email fraud ( BEC) loss was detected. BEC is defined as a malicious form of phishing designed with an email-based fraud method to access critical information of an organization, resulting in financial gain. This study focuses on BEC fraud, which is one of the cyber attack and fraud methods and the main target of businesses, and includes case studies by comprehensively discussing how the system works and which methods are used. When the case studies are examined, it is seen that the perpetrators can easily perform a fraudulent transaction by pretending to be a business manager or employee, sometimes by using an artificial intelligence-based software, without the need for any extraordinary effort.