Business email compromise (BEC) attacks have been increasing in number over the last few years, driven by their relative success rate compared to other financially motivated attacks. They appear to be quite simple: the attacker sends an email to the intended victim, usually a member of the finance team, and requests that they transfer money to an account controlled by the attacker. But why would the victim do so? Because the attacker has invested a fair amount of time and effort in crafting the attack. The attacker uses various social engineering tactics to generate a sense of urgency, has researched the target organisation and understands its chain of command. The email will appear to have been sent by a member of the leadership team, often the CEO, hence the alternative names for this type of attack: CEO fraud or imposter emails.