Business Email Compromise (BEC) Protection

Phish Protection Technology Protects Against BEC

What is business email compromise (BEC)?

BEC, also known as CEO impersonation, is defined as “a form of phishing attack where a cybercriminal impersonates an executive and attempts to get an employee, customer, or vendor to transfer funds or sensitive information to the phisher.” BEC attacks usually begin with a cybercriminal successfully phishing an executive to gain access to their email inbox.

Often times malware or ransomware intrusions immediately precede a BEC incident. Those intrusions are usually facilitated through a phishing scam in which a victim receives an e-mail from a seemingly legitimate source that contains a malicious link.

There are actually five forms of BEC

According to the FBI’s Internet Crime Complaint Center (IC3), there are five main scenarios by which BEC is perpetrated.

Bogus Invoice Scheme When a business, which has a long standing relationship with a supplier, is requested to wire funds for invoice payment to an alternate, fraudulent account.

CEO fraud When the compromised email account of a high level executive is used to request a wire transfer to a fraudulent account.

Account compromise When an employee of a company has their email account compromised and it’s then used to request repayment of an invoice by a customer to a fraudulent account.

Attorney impersonation When victims are contacted by fraudsters identifying themselves as lawyers and are pressured into transferring funds to a fraudulent account.

Data theft When fraudulent e-mails are used to request either wage or tax statement (W-2) forms or a company list of personally identifiable information (PII).

BEC is a growing problem even for small businesses

According to the IC3, “the BEC scam continues to grow, evolve, and target businesses of all sizes. Since January 2015, there has been a 1,300 percent increase in identified exposed losses, now totaling over $3 billion.”

Account compromise is the most common type with smaller businesses since it requires a billing structure that is managed primarily through email. The bottom line is just because you run a small business doesn’t mean you’re not susceptible to BEC.

Tools used to target and exploit victims

Hackers which engage in BEC use a variety of techniques to target and exploit their victims. They include the following:

  • Spoofing: using an email address that looks like a legitimate email address and tricks the victim into thinking it came from someone it didn’t.
  • Spear phishing: using an email to target a specific individual in a company to obtain confidential information to be used in one of the BEC scenarios.
  • Malware: secretly installing malicious software on the victim’s computer to infiltrate a company’s network and gain access to confidential information to be used in the BEC scam.
  • Social engineering: using psychological manipulation to get targets to divulge confidential information that will later be used in BEC.


Preventing BEC requires advanced technology

The techniques used to perpetrate BEC can be mitigated with Phish Protection’s advanced phishing technology. To prevent domain name spoofing, Phish Protection creates a customized list of domain names that could potentially be used to spoof your email and adds them to a blocked list so your employees never receive them.

To provide phishing and malware protection, Phish Protection scans all email attachments for threats including executable files and files with embedded macros and scripts. Suspicious attachments are quarantined so end users are never given the chance to open them.

Most spear phishing attacks begin with a malicious link embedded in an email. Phish Protection protects against spear phishing by checking all embedded email links. They are checked not only upon arrival, but every time they’re clicked.

Enterprise-class email protection without the enterprise price

For flexible per-user pricing, PhishProtection’s integrated email security solution protects your employees from business email compromise (BEC) and many other email threats. 24×7. On any device. With features you’d expect in more expensive solutions:

All Plans Come With

  • Stops business email compromise (BEC)
  • Stops brand forgery emails
  • Stop threatening emails before they reach the inbox
  • Continuous link checking
  • Real-time website scanning
  • Real time alerts to users and administrators
  • Protection with settings you control
  • Protection against zero day vulnerabilities
  • Complete situational awareness from web-based console

Join 7500+ Organizations that use Phish Protection

Phish Protection works with System Administrators, IT Professionals and IT Executives in thousands of companies worldwide. Sign up and protect your organization from phishing attacks in less than 5 minutes