Security News > 2022 > November > “Gucci Master” business email scammer Hushpuppi gets 11 years
An open ben, or "Open beneficiary", is explained by the investigator as "An account where a different business account name can be substituted to help in deceiving the victim into sending funds."
Presumably, the money launderer's contacts - other cogs in the cybercrime gearbox who send out so-called money mules to open accounts that are later used for fraud - were pushing back against the "Cost" of going through face-to-face KYC checks to open accounts that ended up getting linked to criminality right away.
BEC criminals can target the compromised company directly, by tricking someone in your own Accounts Payable department into thinking that a supplier just swapped banks and is requesting their forthcoming payments to be made to a new account.
Worse still, BEC crooks can target your customers, by tricking their Accounts Payable staff, under cover of fraudulent emails that really do originate from your company, that your company has switched banks and requires future debtor payments to go to a new account.
Turn on two-factor authentication so that a password alone is not enough to access your accounts, especially email.
Don't let the crooks get away with slip-ups such as spelling mistakes or unlikely errors that ought to give them away - one Naked Security commenter reported catching a scammer red-handed simply because the crook used an emoji where they felt certain that the true owner of the email account would have spelled out the meaning in full.