In a business email compromise (BEC) attack, the threat actor impersonates which entity to gain financial advantage?

Prepare for the GIAC Information Security Fundamentals (GISF) exam with our comprehensive study materials, including flashcards, multiple choice questions, and detailed explanations. Enhance your information security knowledge and boost your exam confidence today!

In a business email compromise (BEC) attack, the threat actor typically impersonates a known source. The impersonation matters because the attack depends heavily on establishing trust with the target. When the attacker poses as someone familiar, such as a high-level executive, a colleague, or a trusted partner, the victim is more likely to comply with the fraudulent request.

The attack usually involves crafting emails that appear legitimate and may include language, signatures, and even formatting that mimic the impersonated individual. By leveraging the trust already established in the relationship, the attacker can often convince the target to transfer funds or provide sensitive information, ultimately resulting in financial gain for the threat actor. The situation is compounded by the fact that these communications typically occur outside of secure company channels, making them harder to detect.

In contrast, impersonating a random stranger, a competitor, or an anonymous organization lacks the personal connection and trust that are key factors in BEC attacks. These options would be much less effective in persuading someone to take action, as they do not carry the same level of credibility or urgency that comes from a known and trusted entity.
