Business Email Compromise Response and Investigation
Understanding Business Email Compromise (BEC)
Business Email Compromise (BEC) involves unauthorised access to one or more email accounts by a threat actor. Historically, BEC attacks were primarily used to commit financial fraud, such as redirecting payments or wire transfers to accounts controlled by the attackers. While financial fraud remains a major goal, BEC attacks are increasingly evolving to gain broader access. Attackers now explore connected platforms like SharePoint, OneDrive, and Teams, and can pivot into network environments to exfiltrate and sometimes encrypt sensitive data (ransomware attacks).
Common BEC Attack Vectors and Mitigation Steps
BEC attacks typically start with a phishing email containing a malicious attachment or links that redirect to credential-harvesting websites. DFLABS has observed the evolution of these tactics to include:
- Phishing via Voicemail (Vishing) and Text Message (Smishing)
- Multi-Factor Authentication (MFA) Prompt Bombing or MFA Fatigue
- Adversary-in-the-Middle (AiTM) Phishing Campaigns: These allow attackers to steal passwords and hijack active user sessions, even with MFA enabled.
- Exploitation of Exposed Passwords: Especially in cases of credential reuse (using the same or similar passwords for multiple accounts).
- Exploitation of Software Vulnerabilities: Including those in Microsoft Exchange servers.
- Leveraging Ransomware Access: Compromising email accounts through access gained in ransomware attacks.
- Exfiltrating and Deleting Cloud Data: Then demanding a ransom in exchange for not releasing the stolen information.
Full Service BEC Investigations
Our forensic investigators and analysts can perform a full tenant review. This includes full log analysis, in which DFLABS reviews for suspicious activity related to previously identified indicators of compromise (IOCs) and for foreign logins or access to mailboxes within an email environment, along with an enterprise mail rule review and a detailed forensic report.
Our experts are well equipped to help you during every step of a BEC investigation. DFLABS forensic investigators possess industry-leading forensic training and certifications, and extensive knowledge of email systems, including Microsoft Azure, Microsoft 365, Exchange and many APIs that can greatly expedite the investigation and uncover hard-to-spot activity. DFLABS’s team consists of investigators based in multiple countries and can meet varying geography-based legal requirements for client data storage, as well as residency requirements for examiners handling sensitive data.
Take the Proactive Step – Business Email Compromise Prevention and Monitoring
To best prepare your organisation against a BEC attack, DFLABS experts can perform email and cloud security assessments to help harden mailboxes, assist with cloud system configuration and monitoring, and conduct simulated phishing attacks to help educate your staff. Additionally, DFLABS offers managed detection and response (MDR) monitoring for Office 365 to flag any suspicious behaviour as well as ingest mail logs and survey for malicious activity.
Comprehensive Business Email Compromise (BEC) Investigations
DFLABS provides full-service BEC investigations, offering a thorough tenant review and detailed forensic analysis. Our forensic investigators and analysts meticulously examine full logs, scrutinise for suspicious activity related to previously identified indicators of compromise (IOC), and monitor foreign logins or access to mailboxes. We also conduct enterprise mail rule reviews and deliver comprehensive forensic reports.
Our experts are equipped to assist you at every stage of a BEC investigation. With industry-leading forensic training, certifications, and extensive knowledge of email systems—including Microsoft Azure, Microsoft 365, Exchange, and various APIs—our team can expedite investigations and uncover elusive activities. The DFLABS investigators are based in multiple countries, allowing us to meet diverse legal and data residency requirements for clients worldwide.
Proactive BEC Prevention and Monitoring
Protect your organisation against BEC attacks with proactive measures from DFLABS. Our experts offer email and cloud security assessments to harden configurations, assist with cloud system configuration and monitoring, and conduct simulated phishing attacks to educate staff.
Additionally, DFLABS provides managed detection and response (MDR) monitoring for Office 365. Our MDR services flag suspicious behaviour, ingest mail logs, and assess for malicious activity, ensuring continuous protection and swift response to potential threats.
Expert Forensic Investigators
Our team possesses industry-leading training and certifications.
Comprehensive Services
From full tenant reviews to detailed forensic reports.
Global Reach
Investigators based in multiple countries to meet legal and data residency requirements.
Proactive Prevention
Security assessments, simulated phishing attacks, and MDR monitoring for ongoing protection.