Home / Services / Business Email Compromise (BEC) Response

Business Email Compromise (BEC) Response

Investigate and remediate compromised email accounts before the wire transfer clears

Request a Quote View all services
Business Email Compromise (BEC) Response ASSESSMENT
2
CRITICAL
6
HIGH
11
MEDIUM
5
LOW
External perimeter testingPASSED
Application security testingPASSED
Remediation verificationIN PROGRESS
Final report deliveryPENDING
Overview

What This Engagement Covers

A comprehensive assessment tailored to your environment.

BEC is still the number-one cause of cyber-related financial loss. We contain the compromise, trace the attacker's activity, coordinate with your bank when funds are in flight, and harden the tenant.

Our Process

What We Test & How

What We Test

Compromised Microsoft 365 / Google Workspace accounts, forwarding rules, OAuth grants, session tokens, delegated permissions, and downstream fraud attempts.

Our Approach

Immediate account containment, evidence preservation, tenant-wide forensic review, and hardening of identity controls. We coordinate with counsel and financial institutions when wire fraud is involved.

Deliverables

What You'll Receive

Everything included in your engagement report.

Immediate account containment

Forensic review of mailbox activity

Detection of attacker-created rules and grants

Tenant-wide compromise assessment

Financial fraud coordination support

Identity hardening recommendations

Written incident report

Methodology

Our Testing Methodology

A structured approach to identifying and validating vulnerabilities.

1

Account containment and token revocation

2

Mailbox audit log analysis

3

OAuth grant and app consent review

4

Forwarding rule and delegation audit

5

Tenant-wide anomaly hunt

6

Identity control hardening

Findings

Common Vulnerabilities We Find

Typical security issues discovered during this type of engagement.

Malicious inbox rules hiding replies Attacker-granted OAuth applications MFA bypass via legacy auth Token theft via phishing Wire fraud via thread hijacking Gift card scams
Who It's For

Ideal For

Active BEC / account compromise
Suspected invoice fraud
Pre-incident M365/Google hardening reviews
Compliance

Standards We Support

SOC 2 PCI-DSS HIPAA GDPR

Ready to Get Started?

$12,500

Typical engagement: 1-3 weeks per incident

Request a Quote
More Services

Explore Other Services

Complementary security engagements for comprehensive coverage.

Web Application Penetration Testing

Comprehensive security assessments of your web applications

Starting at $7,500 Learn more

API Penetration Testing

Secure your REST, GraphQL, and SOAP APIs

Starting at $7,500 Learn more

Active Directory & Domain Penetration Testing

Assess your Windows domain infrastructure security

Starting at $10,000 Learn more
Why Us

Why Lorikeet Security

Certified Experts

OSCP, OSCE, CEH, GPEN certified professionals

Auditor Ready

Reports designed for compliance audits

Free Retesting

Validate fixes at no additional cost

Expert Support

Direct access to testing team during remediation

Lory waving

Hi, I'm Lory! Need help finding the right service? Click to chat!