Please fill in the form below to subscribe to our blog

Learn from These BEC Attack Scenarios

September 29, 2022

Explore How BEC Took a Bite Out of These Companies

BEC is a slippery foe because it can take so many forms, making it hard to spot a BEC scheme until it’s too late. But security awareness training can ensure that employees are alert to the general basic types of BEC scams. These scenarios show you what the most common styles of BEC attack look like in action and provide examples of what happened when an unlucky organization fell victim to an attack of that variety.  

Excerpted in part from The Comprehensive Guide to Avoiding Business Email Compromise DOWNLOAD IT>> 

See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>

Urgent payment required or invoice scams  

The most common variety of BEC attack is the invoice or urgent payment required scam. In this scenario, bad actors pose as representatives of a company or government agency and tell the victim that an invoice must be paid immediately to avoid a negative consequence, like the interruption of their phone service. Usually, they ask for a wire transfer to a fraudulent bank account, but sometimes bad actors will request payment using a gift or money card.  


  • The FBI received many reports of COVID-19-related BEC invoice fraud targeting large healthcare organizations. Victims received messages claiming that a fake invoice must be paid immediately for the organization to get a shipment of much-needed medical supplies or vaccines. Victims were instructed to pay by wire transfer. Of course, no supplies ever reached those unfortunate healthcare providers.  
  • Both Facebook and Google fell victim to invoice scams perpetrated by the same cybercriminals that resulted in around $121 million in collective losses. Lithuanian national Evaldas Rimasauskas and associates formed a fake company that used the name of a real hardware supplier, “Quanta Computer.” The group then presented Facebook and Google with fraudulent invoices, which they promptly paid — straight into bank accounts controlled by the bad guys. 

Finding the fix for your security & compliance training challenges is easy with our buyer’s guide! GET YOUR GUIDE>>

Executive impersonation scams  

Bad actors may pose as an executive at the victim’s company or another organization to entice the victim into downloading a malicious document, sending them money, providing them with sensitive information like financial data or helping them access restricted systems and data.  


  • At toy manufacturer Mattel, cybercriminals posing as executives of a Chinese company duped an executive into approving a $3 million offshore payment to their fake firm in China. The executive soon found out that the Chinese firm didn’t exist, and that they had transferred that money to cybercriminals.  
  • Pathé, a French cinema company, experienced a BEC attack in which cybercriminals impersonated the company’s CEO. Bad actors misrepresented themselves to the executives in the company’s Dutch division using an email address similar to the company’s legitimate domain The fraudsters convinced executives to transfer funds to a “new” (fraudulent) bank account to pay for the supposed takeover of a company in Dubai, ending in a loss of $21 million.  

Can you spot a phishing message? This infographic points out red flags to watch for to sniff them out! DOWNLOAD IT>>

Misrepresentation scams 

 In a misrepresentation scenario, bad actors target employees in certain departments with the intent to trick them into providing sensitive information or payments. They may pose as government officials or even executives and colleagues within the target’s organization.  


  • The charity Save the Children lost $1 million to BEC. In that scam, the attacker managed to gain access to an employee’s email account, and then used it to send fake invoices and other documents to the charity’s accounting department claiming that the money was needed to pay for non-existent solar panels for a clinic in Pakistan. The accounting department didn’t suspect anything because the invoices came from a trusted address. 
  • In an incident at Snapchat, bad actors contacted a privileged employee in the company’s human resources department. By pretending to be the CEO requesting information for a routine business purpose, cybercriminals were able to trick the employee into sending them sensitive financial data, including payroll details for current and former employees. Technology giant Ubiquiti Networks fell victim to a BEC attack and suffered losses of $46 million in 2015 after fraudsters impersonating employees persuaded other employees in the finance department to send them money for legitimate sounding reasons.  

Security and compliance training pays amazing dividends. Get tips to run an effective program with our how-to guide! GET GUIDE>>

Gift card scam  

Urgency is a hallmark of BEC gift card scams. Bad actors scare their victims, for example, by telling them that their company’s electricity will be cut off for non-payment unless they pay their bill by gift card immediately. The U.S. Federal Trade Commission provides several examples of gift card scam scenarios that they’ve encountered.  


  • The target receives an email purporting to be from a government agency, often the U.S. Internal Revenue Service or the Social Security Administration.  
  • They claim that the victim or the victim’s company must pay taxes or a fine and will face dire consequences if it isn’t paid immediately.  
  • A cybercriminal sends a message pretending to be from Apple or Microsoft tech support, saying there’s something wrong with the company’s systems or services and the victim must pay to have it fixed.  
  • In a common, scary gift card scam, bad actors falsely represent themselves as representatives of a utility like a power company, threatening to cut off service if the victim doesn’t pay immediately.  
  • Cybercriminals pretend to be customers who claim they’ve sent an incorrect payment and are owed money, sometimes threatening legal action if the “overpayment” isn’t returned quickly. 

Go inside nation-state cybercrime to get the facts and learn to keep organizations safe from trouble! GET EBOOK>>

Credential or information fraud  

A credential compromise BEC scam starts with bad actors asking the victim to provide credentials on the pretense that they’ve misplaced credentials they’d already been given or weren’t given the right ones to complete a task. Both variants lead to the same result — a bad actor tricks an employee into giving them access to systems, accounts and data that they shouldn’t have.  


  • Twitter fell victim to a BEC attack. In this incident, bad actors pretending to be repair contractors contacted Twitter employees. They convinced a Twitter employee that there had been a mix-up and they hadn’t received the right credentials to access a system that required repairs. After obtaining access credentials from the gullible employee, cybercriminals were able to take over accounts belonging to celebrities, including Donald Trump and Elon Musk, and use them for nefarious purposes.  
  • In February 2021, celebrated entrepreneur Obinwanne Okeke was sentenced to 10 years in prison for his involvement in a BEC scheme that resulted in at least $11 million in losses to his victims. Using phishing emails to secure the login credentials of business executives (including the CFO of British company Unatrac Holding), he had a direct conduit to a BEC attack. 

Drill down to the bottom line to see why security & compliance awareness training is a smart investment. GET IT>>

Stop BEC Before It Starts 

Reduce the chance of a BEC scam doing major damage and mitigate other cyberattack risks affordably with two battle-tested security solutions that you can rely on. 

Security Awareness Training     

 CISA recently recommended that companies step up their security awareness training programs to combat the current flood of ransomware threats.  It’s the right move to make – Venture Beat reports that 84% of businesses in a recent survey said that security awareness training has reduced their phishing failure rates, making their employees better at spotting and stopping phishing, the gateway to most of today’s nastiest cyber threats.       

BullPhish ID is the perfect solution to use to make that happen!      

  • A huge library of security and compliance training videos in 7 languages
  • New lessons and phishing simulation kits are added every month
  • Choose from plug-and-play or customizable phishing training campaign kits     
  • Automation makes training painless for everyone 

Watch Out for Dark Web Danger     

Cybercriminals can do a lot with a compromised credential, like steal data and deploy ransomware. Compromised credentials are easy to obtain on the dark web and they open so many doors. An estimated 60% of data breaches involved the improper use of credentials in 2021.  

Dark Web ID is the answer.    

  • 24/7/365 monitoring using real-time, analyst-validated data     
  • Monitoring of business and personal credentials, including domains, IP addresses and email addresses     
  • Gain priceless peace of mind about dark web dangers 

dark web threats

Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!