How Do BEC Scams Work


compromise business or personal email accounts through social engineering or computer intrusion techniques.

While closely related to BEC, Email Account Compromise (EAC) specifically involves attackers gaining direct control over an individual’s email account. In EAC scenarios, this compromised account is then used to conduct BEC-like scams or other cyber attacks, leveraging the access to the account to trick others within or associated with the organization.

Once targets are identified, scammers spend time gathering information about them and their organization. This can involve studying the company’s organizational structure, the specific roles and responsibilities of employees, and even the style and tone of communication typically used within the company.

Using the gathered information, the scammer then creates a convincing persona. This could be a fake identity resembling a trusted vendor, a high-ranking executive within the company (like a CEO), or a known business partner. The aim is to make the identity believable enough that it does not arouse suspicion.
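On the defending side, a persona that resembles a trusted executive or vendor can often be caught at the mail gateway by comparing the From header against a directory of names and domains the organization already trusts. The sketch below is an added example, not code from the original article; the directory entries, the sample messages and the 0.85 similarity threshold are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed directory: display names worth impersonating -> domain they really send from.
TRUSTED = {
    "jane doe": "example.com",                         # hypothetical executive
    "acme supplies billing": "acme-supplies.example",  # hypothetical vendor
}

def lookalike(domain, threshold=0.85):
    """Return the trusted domain that `domain` closely resembles but does not equal."""
    for good in set(TRUSTED.values()):
        if domain != good and SequenceMatcher(None, domain, good).ratio() >= threshold:
            return good
    return None

def check_sender(raw_message):
    """Return reasons the From header looks like an impersonated persona."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # A trusted display name arriving from a domain that person never uses.
    expected = TRUSTED.get(" ".join(name.lower().split()))
    if expected and domain != expected:
        findings.append(f"display name {name!r} normally sends from {expected}, not {domain}")
    # A sender domain that is almost, but not exactly, a trusted one.
    near = lookalike(domain)
    if near:
        findings.append(f"domain {domain} resembles trusted domain {near}")
    return findings

# Constructed sample messages (only the From header matters here).
SAMPLES = {
    "legitimate": "From: Jane Doe <jane.doe@example.com>\nSubject: Q3 numbers\n\nhi",
    "name_spoof": "From: Jane Doe <jane.doe.ceo@freemail.example>\nSubject: Urgent wire\n\nhi",
    "lookalike": "From: Acme Supplies Billing <billing@acme-suppl1es.example>\nSubject: New bank details\n\nhi",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw) or "no findings")
```

A check like this does not help in the EAC case described earlier, where the message really is sent from the trusted person's own account.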

If the target complies with the request, the scammer quickly moves to extract the funds or data. This phase is time-sensitive, as the scammer will want to complete the transaction before the fraud is detected.
