Business email compromise or whaling

Business email compromise (BEC), also known as whaling or CEO fraud, is a type of spear phishing in which the attacker compromises, or convincingly impersonates, the email account of an executive. The compromised account is then used to request large transfers of money or sensitive information from other senior employees. BEC began attracting attention in 2013. The FBI investigated 22,000 cases reported by organizations that had fallen victim to phishing attacks of a kind that had once been dismissed as crude; between 2013 and 2016 the cases reported to the FBI amounted to a cumulative loss of $1.6 billion. The US led in the number of organizations attacked, with victims in all 50 states. Attackers appeared to be working through every industry, but they showed a particular interest in real estate agencies. The sheer number of real estate companies gave them a wider pool of email accounts to compromise, and the large sums exchanged in property transactions made the payoff attractive. The attacker needed to compromise only one person in the chain of communication to gain access to that person's mailbox. Once inside, the attacker could read all correspondence and choose the moment to send a request for funds to be released to an account under their control.

Trend Micro, a security vendor, analyzed BEC incidents from 2017 and 2018. It found that BEC attacks were on the rise and projected that total losses would reach $9 billion by the end of 2018. It described two main ways in which BEC attacks were executed:

  • Credential theft—cyber criminals stole credentials from employees of target organizations using keyloggers and phishing kits. A phishing kit is a ready-made package of tools and page templates for running a phishing campaign.
  • Social engineering emails—here the criminals did not steal any credentials. They sent email from addresses they controlled, spoofed or styled to look as though it came from senior employees in the finance department, directly ordering junior employees to transfer money quickly to a specified bank account as payment to a supplier or contractor.

In its analysis of the content of successful BEC emails, Trend Micro observed that most used purchase orders, payments, and invoices as the pretext for getting targets to send money. The attacks exploit a weakness in how many organizations operate: senior employees can instruct junior employees to make transfers to third parties without being questioned, and in many organizations this is the norm. Attaching genuine-looking purchase orders, bills, and invoices gave BEC attackers a better chance of convincing their targets that the request was legitimate and that the transfer had to be completed.
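The two patterns described above, a sender dressed up as a senior employee (display-name impersonation, a lookalike or spoofed domain, a diverted Reply-To) and a body that presses for an urgent payment against an invoice or purchase order, can be turned into simple mail-flow triage rules. The following is an added example and is not code from the book or from Trend Micro. The organization domain `example.com`, the executive list, the keyword lists, the one-edit lookalike threshold and the sample messages are all assumptions constructed for the example; a real deployment would draw the executive list from a directory and tune the terms to the organization's own finance vocabulary.

```python
"""Triage heuristics for BEC indicators in raw RFC 5322 messages.

Assumed organization details and keyword lists are constructed for this
example; the sample messages below are not real traffic.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                       # assumed organization domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # display name -> real mailbox
PAYMENT_TERMS = ("wire transfer", "invoice", "purchase order", "payment", "bank account")
URGENCY_TERMS = ("urgent", "today", "immediately", "asap", "before close")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze(raw: bytes) -> list[str]:
    """Return the list of BEC indicators found in one raw message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_addr, reply_addr = from_addr.lower(), reply_addr.lower()
    from_domain = from_addr.rpartition("@")[2]
    findings = []

    # Display name of a known executive, but not that executive's mailbox.
    real = EXECUTIVES.get(from_name.strip().lower())
    if real and from_addr != real:
        findings.append("display-name impersonation")
    # Sender domain one edit away from ours (examp1e.com, exarnple.com, ...).
    if from_domain != ORG_DOMAIN and edit_distance(from_domain, ORG_DOMAIN) <= 1:
        findings.append("lookalike sender domain")
    # Replies silently diverted to a mailbox the attacker controls.
    if reply_addr and reply_addr != from_addr:
        findings.append("reply-to mismatch")
    # Our own domain in From, but the receiving MTA recorded a DMARC failure.
    auth = str(msg.get("Authentication-Results", ""))
    if from_domain == ORG_DOMAIN and re.search(r"\bdmarc=fail\b", auth):
        findings.append("dmarc fail on internal domain")
    # Payment pretext combined with time pressure.
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    if any(t in text for t in PAYMENT_TERMS) and any(t in text for t in URGENCY_TERMS):
        findings.append("urgent payment request")
    return findings


# Constructed sample messages (assumptions, not captured mail).
BEC_LOOKALIKE = b"\r\n".join([
    b"From: Jane Doe <jane.doe@examp1e.com>",
    b"Reply-To: jane.doe.ceo@mail-fwd.test",
    b"To: junior.clerk@example.com",
    b"Subject: Urgent: supplier invoice",
    b"Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com",
    b"",
    b"Please process the attached invoice by wire transfer today. I am in",
    b"meetings all day and cannot take calls. Confirm when done.",
])
BEC_SPOOFED = b"\r\n".join([
    b"From: Jane Doe <jane.doe@example.com>",
    b"To: junior.clerk@example.com",
    b"Subject: Payment to new vendor",
    b"Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail header.from=example.com",
    b"",
    b"Send the payment for purchase order 4471 to the new bank account immediately.",
])
BENIGN = b"\r\n".join([
    b"From: Jane Doe <jane.doe@example.com>",
    b"To: junior.clerk@example.com",
    b"Subject: Q3 planning deck",
    b"Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass header.from=example.com",
    b"",
    b"Attached is the draft deck for Thursday. No rush.",
])

if __name__ == "__main__":
    for label, raw in (("lookalike", BEC_LOOKALIKE), ("spoofed", BEC_SPOOFED), ("benign", BENIGN)):
        print(label, analyze(raw))
```

The lookalike message trips four indicators and the direct spoof trips two, while the benign note from the same executive trips none. None of these rules is conclusive on its own: a Reply-To that differs from From is common in legitimate mailing-list traffic, and the keyword rule will flag real invoices. The value is in the combination, and in routing anything that hits two or more indicators into a verification step that does not rely on replying to the email itself, such as a phone call to a number already on file.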
