An e-mail compromise, or e-mail account compromise (EAC), is a digital attack in which malicious individuals use various tactics to gain access to another individual's e-mail inbox. Tactics such as phishing, malware and password spraying are used in such attacks. An e-mail compromise can lead to e-mail fraud, in which the legitimate e-mail account is used to commit fraud against other individuals.
Businesses can also fall victim to e-mail compromise attacks, known as business e-mail compromise (BEC). In most cases, malicious individuals send an e-mail that appears to come from a legitimate source and contains a seemingly legitimate request. For example, requests can be made to transfer down payments or to change the e-mail address on an invoice, which can lead to severe financial damage to a company. These e-mails are often sent from the compromised e-mail accounts of senior management or directors to the finance department. Measures against e-mail compromise often include awareness, training, process interventions (two pairs of eyes on every order, orders only through dedicated systems, only using recognised and verified bank accounts) and technical interventions (e-mail monitoring, e-mail filtering, anti-phishing solutions, multi-factor authentication).
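As an added example (not part of the original text), the following Python shows the kind of e-mail monitoring rule that targets the BEC pattern described above: an executive's display name on a sender address outside the company domain, a Reply-To that diverts replies elsewhere, and a payment or bank-detail request addressed to the finance department. The company domain, executive names, finance mailboxes and both sample messages are constructed for the demonstration.

```python
"""Rule-based triage for business e-mail compromise (BEC) indicators.
Added example, not part of the original page; company domain, executive
names and sample messages are constructed for the demonstration."""
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                 # assumed company domain
EXECUTIVES = {"jane doe", "john smith"}        # constructed executive names
FINANCE_RECIPIENTS = {"ap@example.com", "finance@example.com"}
PAYMENT_TERMS = ("wire transfer", "down payment", "change our bank",
                 "new bank account", "update the invoice")

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def bec_indicators(raw_message):
    """Return the BEC indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    recipients = {parseaddr(r)[1].lower() for r in msg.get_all("To", [])}
    body = (msg.get_payload() or "").lower()
    hits = []
    # Executive display name, but the address is off the company domain.
    if name.lower() in EXECUTIVES and domain_of(sender) != COMPANY_DOMAIN:
        hits.append(f"executive name '{name}' from external domain {domain_of(sender)}")
    # Replies are silently routed to a domain other than the visible sender.
    if reply_to and domain_of(reply_to) != domain_of(sender):
        hits.append(f"Reply-To domain {domain_of(reply_to)} differs from From")
    # Mail to finance that asks for a payment or bank-detail change.
    terms = [t for t in PAYMENT_TERMS if t in body]
    if recipients & FINANCE_RECIPIENTS and terms:
        hits.append("payment request to finance: " + ", ".join(terms))
    return hits

# Constructed sample: executive impersonation from a lookalike domain.
SUSPICIOUS = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: Jane Doe <ceo-office@mail-relay.invalid>
To: ap@example.com
Subject: Urgent

Please process the wire transfer today and change our bank details as attached.
"""
# Constructed sample: routine internal mail with no indicators.
BENIGN = """From: Jane Doe <jane.doe@example.com>
To: team@example.com
Subject: Weekly update

Notes from the meeting are attached.
"""
```

Calling `bec_indicators(SUSPICIOUS)` returns three indicators while `bec_indicators(BENIGN)` returns none; in practice such a rule runs at the mail gateway and feeds a quarantine or banner decision rather than blocking outright, since the display-name check also fires on legitimate external senders who share an executive's name.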
Related keywords: e-mail spoofing, spear phishing, spoof attacks, spam, anti-spam, spam filtering, unsolicited infected e-mails, whaling, social engineering, CEO fraud, CFO fraud, CxO fraud