C. In a BEC attack, the attacker typically impersonates a high-ranking executive or authority figure within the organization and requests sensitive information or actions from employees. In this case, the HR director is requesting log-in credentials for a cloud administrator account, which is a classic example of BEC where the attacker seeks to gain access to privileged accounts through deception.
Common Types of BEC Attacks:
CEO Fraud: The attacker impersonates a high-ranking executive, instructing an employee to transfer funds to a fraudulent account.
Option A describes an executive whaling attack.
Option B describes a ransomware attack.
Option D describes a phishing attack to harvest credentials.
Option C describes a BEC attack. Business email compromise (BEC) attacks involve an attacker gaining access to a legitimate business email account or impersonating a trusted figure within an organization to deceive employees into taking actions that compromise security. The service desk employee received an email from the legitimate HR director account. This means the HR director's email account has been compromised, and the attacker is attempting to access sensitive information by requesting login credentials from the service desk employee.
A business email compromise (BEC) attack typically involves an attacker impersonating a legitimate business email account to deceive an organization or its employees into making unauthorized transactions or divulging sensitive information.
A.
- This is a common form of BEC, where the attacker impersonates an executive to request a gift card purchase or other financial action.
B.
- This describes a ransomware attack, not a BEC. Ransomware typically encrypts files and demands a ransom for decryption.
C.
- This scenario is a BEC attack, where the attacker impersonates an HR director to gain sensitive credentials.
D.
- This describes a phishing attack. While phishing can be part of a BEC attack, it is not a BEC attack itself unless it involves the specific impersonation and fraudulent intent typically seen in BEC.
The scenario that best describes a possible business email compromise attack is:
C.
It's A because the classic BEC attack comes in the form of an attacker emailing an internal employee, asking them to purchase gift cards with the company debit card for a 'future meeting that they don't have time to handle.' This is a scam, as it's not really the CFO or whoever, and they'll ask you to leave the gift cards 'outside' or somewhere where the attacker can take them. It's also so low in monetary value that nobody cares to investigate, thus enabling the attackers to continue operating with impunity. C is way more than a BEC.
A does not qualify as a BEC, it's just a regular phishing attack. In option C, the email could actually be compromised because it came from the legitimate HR director's address, suggesting that their email has been compromised.
C for sure; anyone can look up an executive's name, but receiving an email from the actual HR director's email address and not a look-alike is a bigger threat.
C is the correct answer. A is a close second, but beware the wording on this one. Answer A indicates this is a spoofed account, while answer C appears to be an actual compromise of the HR director's email, where an attacker has control.
Everywhere I read, credible online sources like the FBI, CloudFlare, Cisco, etc., state that BEC is financially motivated and that this is the main goal, not compromising credentials. Professor Messer even mentions financial fraud.
Business Email Compromise (BEC)
● Sophisticated type of phishing attack that usually targets businesses by using one of their internal email accounts to get other employees to perform some kind of malicious actions on behalf of the attacker
● Taking over legitimate business email accounts through social engineering or cyber intrusion techniques to conduct unauthorized fund transfers, redirect payments, or steal sensitive information
C for me on this one. A could possibly be a BEC; however, the attacker is only impersonating the "Name" of the CEO, whereas the HR Director has had his/her email actually compromised.
While the scenario in option A could be part of a broader phishing or social engineering attempt, it does not specifically align with the typical methods and objectives of a BEC attack, which is why option C is a more fitting example of a BEC scenario.
The answer is C. The question states: "Which of the following scenarios describes a possible business email compromise attack?"
This implies that someone in the business has had their email COMPROMISED, i.e., the threat actor is using their email to impersonate them.
So the solution should be C, as they are using the HR Director's email to log in to a cloud admin account.
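Several of the comments above turn on one distinction: an executive's name on an outside address (display-name impersonation or a look-alike domain) versus mail that really comes from the legitimate internal address and passes authentication, which points to a compromised account. The following triage helper is an added example, not code from ExamTopics or from any commenter. It assumes an internal domain of example.com, a small constructed executive directory, SPF/DKIM results already parsed out of the Authentication-Results header and passed in as strings, and a constructed keyword list for sensitive requests; all of those are assumptions for illustration only.

```python
import re
from email.utils import parseaddr

# Constructed assumptions for this example: our domain and a directory of
# executives whose names attackers commonly borrow.
INTERNAL_DOMAIN = "example.com"
EXECUTIVES = {
    "jane doe": "jane.doe@example.com",  # CEO
    "sam lee": "sam.lee@example.com",    # HR director
}

# Constructed keyword list for requests that warrant a second look.
SENSITIVE_REQUEST = re.compile(
    r"\b(password|credential|log-?in|gift card|wire|bank account|w-2)s?\b", re.I
)


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typo-squatted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _looks_alike(domain: str, ours: str) -> bool:
    """True for domains within two edits of ours or embedding our first label."""
    if not domain or domain == ours:
        return False
    label = ours.split(".")[0]
    return _edit_distance(domain, ours) <= 2 or label in domain


def classify_sender(from_header: str, spf: str = "none", dkim: str = "none") -> str:
    """Classify a From header into the patterns discussed in the thread.

    'internal-authenticated'      our domain and SPF or DKIM passed; a
                                  suspicious request here means the real
                                  account may be compromised (BEC)
    'spoofed-internal'            our domain in From, but no authentication
                                  passed: a forged header, not our mailbox
    'lookalike-domain'            typo-squat or cousin domain
    'display-name-impersonation'  an executive's name on an outside address
    'external'                    nothing matched
    """
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    key = re.sub(r"\s+", " ", name).strip().lower()

    if domain == INTERNAL_DOMAIN:
        return "internal-authenticated" if "pass" in (spf, dkim) else "spoofed-internal"
    if _looks_alike(domain, INTERNAL_DOMAIN):
        return "lookalike-domain"
    if key in EXECUTIVES:
        return "display-name-impersonation"
    return "external"


def triage(from_header: str, body: str, spf: str = "none", dkim: str = "none") -> str:
    """Combine sender classification with the content of the request."""
    sender = classify_sender(from_header, spf, dkim)
    sensitive = bool(SENSITIVE_REQUEST.search(body))
    if sender == "internal-authenticated" and sensitive:
        # Exactly the option C situation: the real HR director's address,
        # properly authenticated, asking for cloud admin credentials.
        return "possible-bec-account-compromise"
    if sensitive and sender in ("display-name-impersonation", "lookalike-domain", "spoofed-internal"):
        # The option A situation: the CEO's name, but not the CEO's mailbox.
        return "impersonation-phishing"
    return "no-finding"


if __name__ == "__main__":
    # Constructed sample messages.
    print(triage("Sam Lee <sam.lee@example.com>",
                 "Please send me the log-in credentials for the cloud admin account.",
                 spf="pass", dkim="pass"))
    print(triage("Jane Doe <ceo.jane.doe@gmail.com>",
                 "Buy 5 gift cards for the team meeting and leave them outside my office."))
```

The split matters operationally: an "impersonation-phishing" hit is handled by blocking the sender and user awareness, while a "possible-bec-account-compromise" hit means resetting the HR director's credentials, revoking sessions, and checking that mailbox for attacker-added forwarding rules before anything else.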