Business Email Compromise (BEC or Phishing) is not a new term. BEC scams have been growing in popularity for some time now. If you’re not familiar with BEC, it’s when a fraudulent email is sent to a company or individual, and the email appears to be from a legitimate business resource or person, often varying from the legitimate email address by just a letter or two. There may be instructions within the scam email for the recipient to transfer money, purchase gift cards, click on a malicious link, or perform some other activity at the behest of the sender. Unfortunately, BEC scams often put the recipient at a disadvantage because they see the name or title of the sender and react quickly, or are hesitant to question authority.So, what’s the secret sauce that cybercriminals use across the board when launching their attacks on unsuspecting victims? According to a recent report from Barracuda, it’s surprisingly simple and straightforward: legitimate email accounts.Let’s elaborate on that. Barracuda found that hackers launched 100,000 BEC attacks on over 6,000 organizations by using 6,170 legitimate email accounts (which of course, were created with malicious intent). We’re talking Gmail, AOL, and other verified email services.The report further outlines the details of the attacks, identifying that 45% of the BEC attacks since April of 2020 were carried out with these email accounts. It appears that Gmail is the platform of choice with 59% of the accounts originating there. This may be a result of the cost to create an account (it is free), the ease of registration of a new account, and the solid reputation that a company like Google carries – meaning it is much more likely to pass through security filters.