compromised email accounts to conduct unauthorized transfers of funds or to request sensitive personal or financial information. In some cases, the scammers impersonate high-ranking company officials, legal advisors, or vendors, creating a sense of urgency or authority to prompt hasty actions by the victims.

Several distinct types of BEC scams have been observed in the wild:

• Fake invoice schemes: This is where scammers pretend to be your suppliers. They send you fake invoices that look real, hoping you’ll just pay them without double-checking.
• CEO fraud: Here, the scammer poses as the big boss—maybe your CEO or another top executive. They send an email that seems to come from them, usually asking for an urgent money transfer.
• Attorney impersonation: In these scams, the fraudsters pretend to be lawyers or legal advisors, usually emailing you about something confidential or urgent that needs quick financial action.
• Data theft: By targeting HR or finance folks, data theft scams aim to get personal or financial info about employees or the company. Remember: it’s not always about money.

• Commodity theft: Last but not least, this type of BEC scam is a bit different because it focuses on physical goods. Basically, scammers order products or services using a compromised email account, often posing as a legitimate employee or business associate, but never paying for them.

 The scam begins with the identification of potential targets. Scammers often focus on individuals within a company who have the authority to make financial transactions or access sensitive information. These targets are usually identified through public sources such as company websites

More info: How Desktop Virtualization works