The phrase “business email compromise” (BEC) refers to a range of methods and strategies used by hackers to trick people into giving them money or personal information. One thing has stayed consistent throughout the creation and repurposing of this array of related tactics: virtually always, the victim and scammer communicate over email. As mobile devices make it easier to conduct assaults, actors are increasingly trying to switch potential victims from email to SMS, focusing on this crucial intermediary between attacker and victim. These new operations, like the majority of BEC attacks, start with an email intended to provoke a reaction from a potential victim. The con artist only differs in that they also a request for the mobile number of the addressee. By switching to their cell phone, the con artist gives their victim all the tools necessary to finish the assignment that has been assigned to them. Once a victim is on the hook, a mobile device increases the likelihood that the scammer will be successful in achieving their desired outcome because it allows for instant and direct messaging, the ability to take pictures with the phone’s camera, and far greater portability than a laptop.
