BEC Phishing Simulation Guide

The Business Email Compromise (BEC) Phishing Simulation Guide outlines a six-step process for simulating phishing attacks to educate employees. Steps include reconnaissance, choosing a target, email spoofing, crafting realistic emails, sending and tracking, and providing education post-simulation. The guide also includes email templates and deployment tips to enhance the effectiveness of the simulation.

Uploaded by

muhammedabass06
Copyright
© All Rights Reserved

Business Email Compromise (BEC) Phishing Simulation Guide

Step-by-Step BEC Phishing Simulation Process

Step 1: Reconnaissance (Research)

- Gather employee names, roles, and email formats from LinkedIn or company websites.

- Tools: LinkedIn, Hunter.io, VoilaNorbert

Step 2: Choose a Target + Pretext

- Decide who to impersonate (e.g., CEO, vendor).

- Choose a scenario: urgent wire transfer, vendor bank update, legal demand.

Step 3: Email Spoofing or Lookalike Domain

- Option 1: Spoof the email using Gophish or a similar tool.

- Option 2: Register a domain similar to the company's.

Step 4: Craft a Realistic Email

- Use real names and job titles.

- Include banking details or instructions for action.

Step 5: Send and Track

- Tools: Gophish, KnowBe4, Cofense, PhishingBox.

- Track opens, replies, clicks.

Step 6: Educate

- Immediately follow up with training for anyone who fails the test.

BEC Phishing Email Templates


1. CEO Request for Urgent Wire Transfer

Subject: Urgent Payment Needed Before COB

Body: Simulates a CEO requesting an urgent wire transfer with specific banking details.

2. Vendor Requesting Bank Change

Subject: Urgent: Update Banking Details for Future Payments

Body: Mimics a vendor requesting a change to their banking info.

3. Legal/Attorney Pressure

Subject: Confidential Legal Matter - Immediate Action Required

Body: Email from a fake lawyer requesting a wire transfer for legal purposes.

4. Fake Invoice Email

Subject: Invoice #99128 Payment Due

Body: Vendor sends an invoice attachment and requests payment.

5. Casual Executive from Mobile

Subject: Quick favor - can you handle this?

Body: Short mobile-style message from an executive asking for a wire transfer.

Deployment Tips

- Randomize which employees receive which templates.

- Mix sender identities: CEO, vendor, legal.

- Include minor red flags: urgency, language tone, small typos.

- Use metrics: who opened, replied, clicked, or reported.


Training Follow-up:

- Send awareness materials immediately after the test.

- Highlight what to look for in real BEC attempts.

- Avoid shame; focus on learning.
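
The metrics named under Deployment Tips (opened, replied, clicked, reported) and the Step 6 follow-up list can be computed from exported tracking events as in the sketch below. This is an added example, not part of the original guide: the event format, addresses, template names and the rule that a reply or click counts as a failure are assumptions.

```python
from collections import defaultdict

# Constructed sample tracking events: (recipient, template, action).
# Addresses and template names are made up for this example.
EVENTS = [
    ("ana@example.com", "ceo_wire", "opened"),
    ("ana@example.com", "ceo_wire", "reported"),
    ("ben@example.com", "ceo_wire", "opened"),
    ("ben@example.com", "ceo_wire", "replied"),
    ("cho@example.com", "vendor_bank", "opened"),
    ("cho@example.com", "vendor_bank", "clicked"),
    ("cho@example.com", "vendor_bank", "reported"),
    ("dev@example.com", "vendor_bank", "opened"),
    ("eli@example.com", "fake_invoice", "reported"),
]
# Emails sent per template; one vendor_bank recipient produced no events at all.
SENT = {"ceo_wire": 2, "vendor_bank": 3, "fake_invoice": 1}

FAIL_ACTIONS = {"replied", "clicked"}  # assumption: these count as failing the test


def summarize(events, sent):
    """Return per-template rates and the recipients who need follow-up training."""
    actions = defaultdict(set)  # (recipient, template) -> distinct actions seen
    for recipient, template, action in events:
        actions[(recipient, template)].add(action)

    counts = {t: defaultdict(int) for t in sent}
    follow_up = set()
    for (recipient, template), seen in actions.items():
        for action in seen:
            counts[template][action] += 1
        if seen & FAIL_ACTIONS:
            counts[template]["failed"] += 1
            follow_up.add(recipient)  # still trained if they reported afterwards
    # Rates are over emails sent, so silent recipients lower every rate.
    rates = {
        t: {k: round(counts[t][k] / n, 2) for k in ("opened", "failed", "reported")}
        for t, n in sent.items()
    }
    return rates, sorted(follow_up)


if __name__ == "__main__":
    rates, follow_up = summarize(EVENTS, SENT)
    for template, r in rates.items():
        print(template, r)
    print("follow-up training:", follow_up)
```

The report rate per template is the number to watch across campaigns, since it measures the behaviour the training is meant to build rather than only the failures.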
