All it takes is one of three words and impersonating the correct executive to pull off a successful Business Email Compromise (BEC) attack, according to a new Trend Micro report.
Ryan Flores, a Trend Micro threat research manager, said the words the words "Transfer," "Request," and "Urgent" are among the most commonly used in subject lines and that phishing scams use either the CFO, 40 percent, or CEO, 31 percent, to set up the scam.
“How can you say no when it's the CEO asking? How can you not comply when it's already the President specifically requesting,” Flores wrote
Flores also noted that not such BEC attacks are used in the conventional manner of fooling a worker to directly steal information. The hacker download malware allowing the email account to be taken over by the criminal so he or she can ask for money wire transfers.