{"id":48050,"date":"2022-08-18T00:00:00","date_gmt":"2022-08-18T00:00:00","guid":{"rendered":"urn:uuid:ebeffa6e-5537-b09a-50c4-24f2a2a0ed54"},"modified":"2022-08-18T00:00:00","modified_gmt":"2022-08-18T00:00:00","slug":"business-email-compromise-attack-tactics","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/","title":{"rendered":"Business Email Compromise Attack Tactics"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/bec-attacks-tactics-tn:Large?qlt=80\"><!-- OneTrust Cookies Consent Notice start for trendmicro.com --><!-- OneTrust Cookies Consent Notice end for trendmicro.com --> <head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width\"> <meta name=\"description\" content=\"Learn from the latest business email compromise (BEC) attack tactics from Jon Clay, VP of threat intelligence.\"> <meta name=\"robots\" content=\"index,follow\"> <meta name=\"keywords\" content=\"article,expert perspective,risk management,detection and response\"> <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"> <meta name=\"template\" content=\"defaultArticleWithVideo\"> <meta property=\"article:published_time\" content=\"2022-08-18\"> <meta property=\"article:tag\" content=\"risk management\"> <meta property=\"article:section\" content=\"article\"> <link rel=\"icon\" type=\"image\/ico\" href=\"\/content\/dam\/trendmicro\/favicon.ico\"> <link rel=\"canonical\" href=\"https:\/\/www.trendmicro.com\/en_us\/ciso\/22\/h\/business-email-compromise-bec-attack-tactics.html\"> <title>Business Email Compromise Attack Tactics<\/title> <link href=\"https:\/\/fonts.googleapis.com\/css?family=Open+Sans:300,300i,400,400i,600\" rel=\"stylesheet\">\n<link href=\"\/\/customer.cludo.com\/css\/296\/1798\/cludo-search.min.css\" type=\"text\/css\" rel=\"stylesheet\"> <link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch.min.css\" type=\"text\/css\"> <meta property=\"og:url\" content=\"https:\/\/www.trendmicro.com\/en_us\/ciso\/22\/h\/business-email-compromise-bec-attack-tactics.html\"><br \/>\n<meta property=\"og:title\" content=\"Business Email Compromise Attack Tactics\"><br \/>\n<meta property=\"og:description\" content=\"Learn from the latest business email compromise (BEC) attack tactics from Jon Clay, VP of threat intelligence.\"><br \/>\n<meta property=\"og:site_name\" content=\"Trend Micro\"><br \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/ciso\/thumbnails\/22\/bec-attacks-tactics-tn.png\"><br \/>\n<meta property=\"og:locale\" content=\"en_US\"> <meta name=\"twitter:card\" content=\"summary_large_image\"><br \/>\n<meta name=\"twitter:site\" content=\"@TrendMicro\"><br \/>\n<meta name=\"twitter:title\" content=\"Business Email Compromise Attack Tactics\"><br \/>\n<meta name=\"twitter:description\" content=\"Learn from the latest business email compromise (BEC) attack tactics from Jon Clay, VP of threat intelligence.\"><br \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/ciso\/thumbnails\/22\/bec-attacks-tactics-tn.png\"> <\/head> <body class=\"articlepage page basicpage context-business context-ciso\" id=\"readabilityBody\" readability=\"49.458793969849\"> <!-- Page Scroll: Back to Top --> <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a> <!-- \/* Data Layer *\/ --> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyVideo aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1605011095\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"9.2605042016807\">\n<div class=\"article-details\" role=\"heading\" readability=\"38.016806722689\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Risk Management<\/p>\n<p class=\"article-details__description\">Is BEC more damaging than ransomware? What tactics are BEC actors using? How can organizations bolster their defenses? Jon Clay, VP of threat intelligence, tackles these pertinent questions and more to help reduce cyber risk.<\/p>\n<p class=\"article-details__author-by\">By: Jon Clay <time class=\"article-details__date\">August 18, 2022<\/time> <span>Read time:&nbsp;<\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"48.354022988506\">\n<div readability=\"45.564367816092\">\n<p id=\"BEC\"><span class=\"body-subhead-title\">&nbsp;What is business email compromise (BEC)?<\/span><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/tmr\/?\/us\/security\/news\/cybercrime-and-digital-threats\/business-email-compromise-bec-schemes\">BEC<\/a>, also known as email account compromise (EAC), is a type of email cybercrime targeting companies with the typical objective of having company funds wired into the attacker\u2019s bank account. The five types of include: bogus invoices, CEO fraud (impersonating a c-level employee to ask coworkers for money), account compromise, attorney impersonation, and data theft.<\/p>\n<p><span class=\"body-subhead-title\">BEC vs. ransomware<\/span><\/p>\n<p>Seemingly every day there\u2019s news of another cyberattack leading to a multimillion-dollar ransom demand like the Russian-based, ransomware gang REvil initially <a href=\"https:\/\/www.cbsnews.com\/news\/ransomware-attack-revil-hackers-demand-70-million\/\" target=\"_blank\" rel=\"noopener\">demanding $70 million<\/a> from organizations who were crippled by the Kaseya attack. But despite being a mainstay in the media, ransomware losses are dwarfed by those associated with BEC attacks; the <a href=\"https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2021_IC3Report.pdf\"><span class=\"bs-modal\">FBI reported<\/span><\/a> in 2021 $2.4 billion in adjusted losses from BEC complaints and $49.2 million from ransomware.<\/p>\n<p id=\"Types\">There are a couple reasons why BEC losses continue to dwarf ransomware: BEC attacks are historically less technical and rely heavily on social engineering, whereas gaining residence and launching malware to exfiltrate sensitive data requires more skill and time. And due to the expertise required, ransomware gangs tend to be smaller, whereas BEC actors are organized in a looser, more fluid structure, making it difficult for law enforcement to target the leader.<\/p>\n<p>Societal conditions also play a part. The uptick in remote workers using unsecure home networks and personal devices certainly contributed to the increase in BEC losses. Additionally, cybercriminals have upped their game from simple hacking and spoofing to leveraging virtual meeting platforms, creating deep fake videos of CEO\/CFOs, and using cryptocurrency to make recovering funds harder.<\/p>\n<p><span class=\"body-subhead-title\">Types of email services used in BEC attacks<\/span><\/p>\n<p>While BEC may be dressed up differently, it is still an email scam at its core. Let\u2019s look at how and why these five types of email services are used by cybercriminals.<\/p>\n<p><i>1. Free email services<\/i><\/p>\n<p><b>Why it\u2019s used:<\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">No cost to entry for attackers<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Trusted marketing quality<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Service provides a promise of confidentiality in terms of protecting legitimate users<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Bulk account creation tools can be used to facilitate numerous accounts<\/span><\/li>\n<\/ul>\n<p><b>Attack tactics:<\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Spoof enterprise employees\u2019 names to commit CEO fraud<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Find personal emails through social media scanning, and spoof friend\u2019s email address so you believe it is from your friend<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Use common account naming conventions<\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/ciso\/22\/h\/bec-attacks-and-tactics\/top10-img.png\" alt=\"top-10-commonly-used-emails\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\">\n<div>\n<p><i>2. Local email services<\/i><\/p>\n<p><b>Why it\u2019s used:<\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Appears legitimate since it\u2019s locally recognized and used<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Ease of use<\/span><\/li>\n<\/ul>\n<p><b>Attack tactics:<\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Compromise legitimate accounts<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Create new accounts<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Obtain personal information to use in future attacks (ie., addressing potential victim by their first name)<\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/ciso\/22\/h\/bec-attacks-and-tactics\/local-email-img.png\" alt=\"local-email\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31\">\n<div readability=\"7\">\n<p><i>3. Encrypted email services<\/i><\/p>\n<p><b>Why it\u2019s used:<\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Attackers can hide their footprints<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Prevent systems from tracking them<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Higher level of security features<\/span><\/li>\n<\/ul>\n<p><b>Attack tactics:<\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Legitimate email address is displayed in the from header and actor\u2019s malicious email is hidden in the reply section<\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/ciso\/22\/h\/bec-attacks-and-tactics\/encrypted-email-img.png\" alt=\"encrypted-email\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31\">\n<div readability=\"7\">\n<p><i>4. Self-registered domains directed to featured email services<\/i><\/p>\n<p><b>Why it\u2019s used:<\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Can create look-alike domains for legitimate companies to deceive victims<\/span><\/li>\n<\/ul>\n<p>Attack tactics:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Control positive email authentication results such as sender policy framework (SPF) or even DomainKeys Identified Mail (DKIM) when sending email to victims<\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/ciso\/22\/h\/bec-attacks-and-tactics\/answer-img.png\" alt=\"answer\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"41\">\n<div readability=\"27\">\n<p><i>5. Stolen email credentials and conversations<\/i><\/p>\n<p><b>Why it\u2019s used:<\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Trusted accounts<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Improves success of BEC attacks<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Can set up rules on email account that anything sent to their domain can be rerouted, enabling attacker to run scam undetected<\/span><\/li>\n<\/ul>\n<p id=\"Defense\"><b>Attack tactics:<\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Hijack existing conversations where trust is established to trick unsuspecting victim<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Deploy spam campaign with malicious attachments dropping keyloggers or trojan stealers<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Steal credentials in apps like browsers, SMPT, FTP, VPNs, and from computer and systems to spread attack laterally<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Manipulate account or attachments in existing email conversation (ie., sending an \u201cupdated\u201d invoice where payment is rerouted to attacker\u2019s account)<\/span><\/li>\n<\/ul>\n<p><span class=\"body-subhead-title\">Defense strategies against BEC attacks<\/span><\/p>\n<p>To strengthen your email security posture and reduce cyber risk, answer the following questions across the four pillars to identify potential gaps in cybersecurity strategy:<\/p>\n<p><i>1. People: Many BEC attacks start at the employee level, or the \u201cperimeter\u201d of the attack surface. Strengthening this first line of defense is essential.<\/i><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Do you have and regularly run a cybersecurity awareness program that addresses email threats?<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Are you ensuring that key c-level employees and high-value departments, like finance, HR, and legal, are aware of socially engineered attacks using their likeness?<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Do you have competent staff? If not or your resources are limited, do you leverage a managed service to help offset shortages?<\/span><\/li>\n<\/ul>\n<p><i>2. Culture: Strengthening your security posture will be an uphill battle if the only employees that care about security is your security team.<\/i><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Have you established a strong cyber culture within the organization wherein everybody from the top down is cognizant of security best practices?<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Do you have buy-in from the executives that security is a priority and a business enabler?<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Do you enable law enforcement to help reduce cybercrime by reporting any incidents?<\/span><\/li>\n<\/ul>\n<p><i>3. Process: Establishing processes can shift your security defenses from reactive to proactive.<\/i><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Do you audit your emails regularly and analyze logs for BEC attacks?<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Do you have an email where employees can forward suspicious messages for further investigation?<\/span><\/li>\n<li><span class=\"rte-red-bullet\">What best practices frameworks are you leveraging?<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Have you established system deployment, management, and maintenance processes?<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Do you have a response plan that includes cyber insurance, direct access to critical bank accounts to stop wire transfers, etc.?<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Have you implemented a two-factor authentication (2FA) process to require wire transfer requests to be verified via a secondary medium to the requestor?<\/span><\/li>\n<\/ul>\n<p><i>4. Technology: Look to leverage the latest threat defenses like AI, ML, and behavioral analysis within a single dashboard to reduce manual tasks for overstretched security teams.<\/i><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">How many products are you using? Are you using disparate point products that are creating visibility and security gaps?<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Have you investigated consolidating products to one vendor for improved visibility?<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Do you have a solution that automates virtual patching to limit the scope of an attack?<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Do you have a tool that covers all the different aspects of email security, including internal messages? Bonus: does it integrate with your other security products?<\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/ciso\/22\/h\/bec-attacks-and-tactics\/layered-messaging-img.png\" alt=\"layered-messaging\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"29.85020242915\">\n<div readability=\"14.720647773279\">\n<p id=\"Next\"><span class=\"body-subhead-title\">Next steps<\/span><\/p>\n<p>While BEC attacks aren\u2019t as headline-grabbing as other forms of cybercrime, it is still a very significant and costly threat to businesses of any size that needs to be continually monitored.<\/p>\n<p>This doesn\u2019t mean you need to add another suite of security products to your IT ecosystem and create more complexity; with the right cybersecurity platform, you can address a gauntlet of critical threats\u2014including email security and ransomware\u2014to reduce cyber risk across the attack surface.<\/p>\n<p>For more information about BEC statistics and managing cyber risk, check out the following resources:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <!-- \/* Core functionality javascripts, absolute URL to leverage Akamai CDN *\/ --> <!--For Modal-start--> <\/p>\n<p> <span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk<\/span> <\/p>\n<p> <!--For Modal-end--> <!-- Go to www.addthis.com\/dashboard to customize your tools --> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/ciso\/22\/h\/business-email-compromise-bec-attack-tactics.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Is BEC more damaging than ransomware? What tactics are BEC actors using? How can organizations bolster their defenses? Jon Clay, VP of threat intelligence, tackles these pertinent questions and more to help reduce cyber risk. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":48051,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9528,9550,9527,9529],"class_list":["post-48050","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-ciso-article","tag-trend-micro-ciso-detection-and-response","tag-trend-micro-ciso-expert-perspective","tag-trend-micro-ciso-risk-management"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Business Email Compromise Attack Tactics 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Business Email Compromise Attack Tactics 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-18T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/bec-attacks-tactics-tn:Large?qlt=80\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/business-email-compromise-attack-tactics\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/business-email-compromise-attack-tactics\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Business Email Compromise Attack Tactics\",\"datePublished\":\"2022-08-18T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/business-email-compromise-attack-tactics\\\/\"},\"wordCount\":1155,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/business-email-compromise-attack-tactics\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/business-email-compromise-attack-tactics.png\",\"keywords\":[\"Trend Micro CISO : Article\",\"Trend Micro CISO : Detection and Response\",\"Trend Micro CISO : Expert Perspective\",\"Trend Micro CISO : Risk Management\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/business-email-compromise-attack-tactics\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/business-email-compromise-attack-tactics\\\/\",\"name\":\"Business Email Compromise Attack Tactics 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/business-email-compromise-attack-tactics\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/business-email-compromise-attack-tactics\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/business-email-compromise-attack-tactics.png\",\"datePublished\":\"2022-08-18T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/business-email-compromise-attack-tactics\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/business-email-compromise-attack-tactics\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/business-email-compromise-attack-tactics\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/business-email-compromise-attack-tactics.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/business-email-compromise-attack-tactics.png\",\"width\":258,\"height\":217},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/business-email-compromise-attack-tactics\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro CISO : Article\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-ciso-article\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Business Email Compromise Attack Tactics\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Business Email Compromise Attack Tactics 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/","og_locale":"en_US","og_type":"article","og_title":"Business Email Compromise Attack Tactics 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-08-18T00:00:00+00:00","og_image":[{"url":"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/bec-attacks-tactics-tn:Large?qlt=80","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Business Email Compromise Attack Tactics","datePublished":"2022-08-18T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/"},"wordCount":1155,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/08\/business-email-compromise-attack-tactics.png","keywords":["Trend Micro CISO : Article","Trend Micro CISO : Detection and Response","Trend Micro CISO : Expert Perspective","Trend Micro CISO : Risk Management"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/","url":"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/","name":"Business Email Compromise Attack Tactics 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/08\/business-email-compromise-attack-tactics.png","datePublished":"2022-08-18T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/08\/business-email-compromise-attack-tactics.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/08\/business-email-compromise-attack-tactics.png","width":258,"height":217},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/business-email-compromise-attack-tactics\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro CISO : Article","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-ciso-article\/"},{"@type":"ListItem","position":3,"name":"Business Email Compromise Attack Tactics"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48050","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=48050"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48050\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/48051"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=48050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=48050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=48050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}