Business email compromise is anything but awesome. According to the FBI, in 2020 cybercriminals cost US companies 2 billion through exploitation of business email systems.

I started an Awesome list to try and compile all of the links that I had previously just kept in my head for reference when doing a BEC investigation. It’s still very much a work in progress, and I hope people a) find it useful and b) contribute to it to make it even better.

You can see the nice looking version here, and if you’d like to contribute please send pull requests and issues here.

I haven’t had a chance to add summaries/descriptions of the links referenced, and I’m considering adding a couple of other sections related to hunting for phishing emails (typically how a BEC has occurred in my experience) as well as email header analysis.

Keen for contributions and hope it helps people!