Business Email Compromise through long-term mailbox session access — not phishing.

The CFO approved the payment.
The supplier was real.
The invoice format was familiar.
The project timeline matched expectations.
€220,000 transferred.
This was not a classic phishing attack.
It was business email compromise through long-term mailbox access.
The attacker had visibility for weeks.
They observed:
Communication tone between finance and operations.
Approval hierarchies.
Payment thresholds that required executive sign-off.
Timing patterns around month-end transfers.
When the right moment arrived, they changed banking details inside an ongoing email thread. No suspicious link was required. No malware attachment was delivered.
The attacker was already inside the mailbox session.
Modern Business Email Compromise (BEC) attacks are less about deception at scale and more about surveillance and precision.
Organizations typically protect login events with strong authentication controls. However, once a mailbox session is active:
Can emails be silently forwarded externally?
Can financial documents be bulk downloaded?
Can the session operate from unmanaged devices?
Is abnormal behavior detected inside the live session?
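One way to answer the four questions above with telemetry rather than policy: run session-time detections over the mailbox audit trail. The script below is an added example for this post, not code from the original or from CySecPros. It consumes a simplified, constructed record layout modelled on a Microsoft 365 unified audit log export; the operation names (New-InboxRule, Set-InboxRule, Set-Mailbox, MailItemsAccessed) are real Exchange Online audit operations, but every record, the corporate domain, the managed-device IP range and the thresholds are constructed assumptions for illustration.

```python
"""Flag risky behaviour inside an already-authenticated mailbox session.

Added example, not part of the original post. Record layout, domain,
managed IP range and thresholds are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

CORP_DOMAIN = "example.com"                              # assumption: the organisation's own domain
MANAGED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # assumption: managed-device egress range
BULK_READ_THRESHOLD = 50                                 # MailItemsAccessed events per window
BULK_READ_WINDOW = timedelta(minutes=10)


def _is_external(address):
    """True for a recipient outside the corporate domain (strips an 'smtp:' prefix)."""
    addr = address.lower().removeprefix("smtp:")
    return "@" in addr and not addr.endswith("@" + CORP_DOMAIN)


def _is_managed(ip):
    """True if the client IP falls inside the managed-device egress range."""
    return any(ipaddress.ip_address(ip) in net for net in MANAGED_NETS)


def analyze_session_events(events):
    """Return a list of (finding, user, detail) tuples.

    Checks correspond to the questions in the post:
      - silent external forwarding (inbox rules or mailbox-level forwarding),
      - bulk access to mail items within a short window,
      - session activity from outside the managed-device range.
    """
    findings = []
    reads = defaultdict(list)        # user -> timestamps of MailItemsAccessed
    unmanaged = defaultdict(set)     # user -> client IPs outside MANAGED_NETS

    for ev in events:
        user, op, ip = ev["user"], ev["operation"], ev["client_ip"]
        params = ev.get("parameters", {})

        if op in ("New-InboxRule", "Set-InboxRule"):
            targets = (params.get("ForwardTo", []) + params.get("RedirectTo", [])
                       + params.get("ForwardAsAttachmentTo", []))
            external = [t for t in targets if _is_external(t)]
            if external:
                findings.append(("external_inbox_rule", user, f"{op} forwards to {external}"))
            if params.get("DeleteMessage"):
                # Forward-and-delete rules hide the attacker's copy from the owner.
                findings.append(("rule_deletes_after_forward", user, f"{op} sets DeleteMessage"))
        elif op == "Set-Mailbox":
            fwd = params.get("ForwardingSmtpAddress") or params.get("ForwardingAddress")
            if fwd and _is_external(fwd):
                findings.append(("mailbox_forwarding", user, f"forwarding set to {fwd}"))
        elif op == "MailItemsAccessed":
            reads[user].append(datetime.fromisoformat(ev["time"]))

        if not _is_managed(ip):
            unmanaged[user].add(ip)

    # Sliding window: any BULK_READ_THRESHOLD reads inside BULK_READ_WINDOW is a finding.
    for user, times in reads.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > BULK_READ_WINDOW:
                start += 1
            if end - start + 1 >= BULK_READ_THRESHOLD:
                findings.append(("bulk_mail_access", user,
                                 f"{end - start + 1} items read within {BULK_READ_WINDOW}"))
                break

    for user, ips in unmanaged.items():
        for ip in sorted(ips):
            findings.append(("unmanaged_ip", user, f"session activity from {ip}"))
    return findings


def sample_events():
    """Constructed audit records: one compromised session, one benign rule change."""
    base = datetime.fromisoformat("2024-03-28T09:00:00")
    attacker_ip = "198.51.100.7"   # constructed, outside the managed range
    events = [
        {"time": base.isoformat(), "user": "cfo@example.com", "operation": "New-InboxRule",
         "client_ip": attacker_ip,
         "parameters": {"ForwardTo": ["billing-archive@mail-example.net"], "DeleteMessage": True}},
        {"time": base.isoformat(), "user": "ops@example.com", "operation": "New-InboxRule",
         "client_ip": "203.0.113.10", "parameters": {"ForwardTo": ["finance@example.com"]}},
    ]
    for i in range(60):  # 60 mail reads in five minutes from the attacker's session
        events.append({"time": (base + timedelta(seconds=5 * i)).isoformat(),
                       "user": "cfo@example.com", "operation": "MailItemsAccessed",
                       "client_ip": attacker_ip})
    return events


if __name__ == "__main__":
    for finding in analyze_session_events(sample_events()):
        print(finding)
```

In practice the same logic would be fed from the tenant's audit export or SIEM, and the thresholds tuned per role: a finance mailbox that normally reads a handful of messages per hour should alert far earlier than a shared helpdesk inbox.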
If email is the backbone of financial approval workflows, session governance becomes a financial control — not just a security control.
If your finance team depends entirely on trusted inbox sessions, it is worth asking how those sessions are technically constrained.

Strengthen your session and control framework - contact CySecPros for a confidential discussion.