CypherCon 2023

You’ve Got Mail (and Misdirected Funds): A Demo of Business Email Compromise

Drew Hjelm


In 2021, email compromises were the most destructive form of cybercrime reported to the FBI, leading to $2.4 billion in losses. These email compromises, called Business Email Compromise (BEC), can lead to misdirected payments, fraudulent wire transfers, and other similar types of financial fraud. This session will look at common ways attackers gain access to email, what they do when they have access to victim email, and how to prevent them from getting in. We will also walk through a demo of how BEC looks through some live email hacking.

Drew Hjelm

You’ve Got Mail!

Drew is a cybersecurity consultant who uses his previous experience as an incident responder, system administrator, web developer, and consultant to help organizations navigate the most difficult times they could imagine. He has a MS degree from SANS and holds the GSE and CISSP, among other certifications. Outside of infosec, Drew enjoys exercise, biking, barbecuing, and gardening.