REGARDING BEC
BEC stands for Business Email Compromise
With BEC the aim is to gain access to the victim’s emails.
The victim should ideally be a business.
You can do this by social engineering a way for them to accept your entry point. That could be through botnets that steal passwords, RATs that give you control over their device, or scam-pages that lure the victim into entering their genuine login credentials, which you then receive along with their online fingerprint. Some will simply spam multiple emails and go through them until they find a good target.
Research
Once you have access it’s time to look into their email account searching for many things:
1. Invoices going out
2. Purchase orders coming in
3. Payment requests going out
4. Debt owed to the company
5. Any sort of payment that can be manipulated
Social Engineering
Now you can use their email or spoof their email creating a clone domain and use the previous message as a starting point.
If it’s an invoice you can tell the customer that we are amending the payment instructions to reflect our new bank account.
If it’s a purchase order coming in you could accept it by looking at past emails to see how the company accepts purchase orders. Then send the victim the new payment instructions the same way the company normally would.
If debt is owed to the company you could be making a request for payment and even giving them a payment plan to pay £180,000 in three payments of £60,000 each for example.
Any sort of payment you see owed to the company you need to make it so that it ends up in your pocket.
Sometimes in these scenarios you have access to their computer or their cloud databases. You can remove clients from the actual company and manipulate the client with no interruption. Some remove debts from the company and handle it themselves.
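A defender-side check for the pattern this section describes (a clone domain combined with changed payment instructions), as an added example that is not part of the original page. The vendor domains, sample message and function names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the finance team already trades with (constructed values).
KNOWN_DOMAINS = {"acme-supplies.example", "northwind.example"}
# Wording typical of a request to redirect a payment.
BANK_CHANGE = re.compile(
    r"\b(new|updated|changed?|amend\w*)\W+(?:\w+\W+){0,4}?"
    r"(bank|account|payment)\s+(details|instructions|account|information)", re.I)
# Constructed sample message, not taken from any real mailbox.
SAMPLE = (
    "From: Accounts <billing@acme-suppl1es.example>\n"
    "Reply-To: billing@mailbox.example\n"
    "Subject: RE: Invoice 1042\n"
    "\nWe are amending the payment instructions to reflect our new bank account.\n")

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def bec_flags(raw_message):
    """Return the reasons an inbound message should be held for verification."""
    msg = message_from_string(raw_message)
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    flags = []
    if sender not in KNOWN_DOMAINS:
        # One or two character edits away from a trusted domain: likely a clone.
        near = sorted(d for d in KNOWN_DOMAINS if 0 < edit_distance(sender, d) <= 2)
        if near:
            flags.append(f"lookalike-domain:{sender}~{near[0]}")
    if reply and reply != sender:
        flags.append(f"reply-to-mismatch:{reply}")
    body = msg.get_payload()
    if isinstance(body, str) and BANK_CHANGE.search(body):
        flags.append("bank-detail-change")
    return flags
```

Any message that returns a non-empty list should be confirmed with the supplier over a phone number already on file before bank details are changed.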
Conclusion
There isn’t just a single way to do BEC.
You can divert payments from businesses in many ways and find many entry points and manipulate many scenarios. Some will hack the CEO email and send payment instructions to their accounts guy to make a payment on their behalf.
The key of BEC Scam is to get their money into your DROP
EXTRA
Have you thought about getting godaddy or rackspace logs and adding your own email address to the big firms to handle their debts? Like creating billing@domain.com and then contacting the victim who owes money and taking over the case on behalf of that company without anybody being able to tell the difference.
Side Note:
The easiest sounding method is to simply get a Fully Undetectable Silent Exploit that, when they click, automatically downloads a virus to the victim’s PC and you have access. It’s also the most costly and the hardest to find. There are so many fakes out there, and they don’t update bots, and the virus gets detected on the email.
Scam-page is the cheapest way to go.
Otherwise you’ll be wasting months and $$$$ trying to find something when you could be getting results.