In 2012, the US Federal Bureau of Investigation (FBI) began investigating an influx of reported fraud incidents involving threat actors rerouting payments to attacker-controlled accounts. In these incidents, victims received seemingly legitimate emails containing requests to alter scheduled payments. The threat actors typically impersonated executives or finance and payroll personnel and convinced victims to reroute payments to a different bank account. These first instances of business email compromise (BEC) kicked off a decade of attacks that use this simple yet highly effective scheme. While the threat has evolved, threat actors continue to use phishing attacks to steal credentials and then send fraudulent invoices soliciting payment. Thousands of organizations have lost billions of dollars.
