A BEC attack is one in which the attacker uses social engineering to gain access to a corporate email account. Once inside, the cybercriminal can send phishing messages, spam, or malicious programs to recipients on behalf of the compromised company.

One variant involves the use of an account with an address similar to the victim’s.