Business Email Compromises (BECs) are often seen as incidents where attackers gain unauthorized access to email accounts, typically for wire fraud or theft. However, BECs are fundamentally identity compromises. In many cases, the same credentials used for email access also grant access to an organization’s Single Sign-On (SSO) system, opening the door to various cloud-based applications and remote access services, thus amplifying the potential damage.
This paper explores the shift from viewing BECs as simple financial attacks to recognizing the broader threat posed by nation-state or eCrime adversaries.