Proofpoint has written a blog discussing the various social engineering tactics utilized in BEC attacks, through the lens of 10 different open-source attacks. Common themes between all the examples utilized include comprehensive reconnaissance and quickly gaining trust.
Proofpoint-recommended mitigations against BEC attacks include detecting BEC before users can interact with them, empowering users to report suspicious details early and often, and understanding the network to better understand BEC risks. WaterISAC recommends members review the example attacks to determine if this sort of activity has happened or could happen at their organization, as well as how vulnerable their constituents would be to such tactics. Read more at Proofpoint.