Attack Vectors
Prevent Business Email Compromise with Perception Point
Perception Point’s AI-powered solution stops BEC and impersonation attacks, the fastest growing, costliest social engineering threat from reaching the organizations’ weakest security link – the end-user.
Impersonation-based attacks like BEC are text-only emails, sent from a known entity and contain no malicious payload. Threat actors leverage spoofed domains and compromised accounts to be perceived as legitimate by the employees and trick them into transferring money or sharing sensitive information. Cyber attackers view BEC as a low-risk high-reward vector to steal large amounts of cash from victims.
BEC Attacks, Highly Evasive & Super Expensive
Threat Evolution
Social-engineering threats are evolving at a rapid pace and become more sophisticated and difficult to detect by traditional security gateways that were designed to filter out spam or malicious links and attachments.
GenAI-powered
Advances in Generative Artificial Intelligence (GenAI) technology are dramatically contributing to BEC growth and success rate by automating and scaling distribution, making them far more convincing, and better exploit human vulnerabilities.
Costlier Than Ever
According to the FBI’s Internet Crime Complaint Center report (IC3), in 2023 alone, BEC scams led to $2.9 billion in damages (increased from $1.86B in 2020) – surpassing even ransomware.
BEC Types & Potential Targets
Vendor Email Compromise
The attacker impersonates a trusted vendor or supplier of the company and requests payment for a fake invoice or notifies a change in bank account details to siphon future payments.
Targets: CFO, procurement, accounts payable.
Executive Impersonation
The attacker impersonates a high-ranking executive, often the CEO, and requests an urgent money transfer (e.g. “gift card scam”) or sensitive information.
Targets: financial department, executive assistants.
Thread
Hijacking
An ongoing email conversation or thread is taken over by the attacker, who waits for the right moment to strike/jump in when a payment opportunity presents itself.
Targets: any employee involved in externally facing email conversations with sensitive content or financial implications
External Account Takeover
A vendor’s account is hacked and used to request payments or sensitive data from business partners or customers. This Supply Chain Attack is highly dangerous because the attackers have access to sensitive data that they can leverage and their fraudulent email originates from a legitimate account.
Targets: any employee, particularly those with access to sensitive data or financial authority
Enterprise-grade Security Against BEC Attacks
Perception Point’s Advanced Email Security leverages a multitude of proprietary ML algorithms and AI models aiming to prevent any type of BEC and impersonation technique including the CEO Fraud, Vendor Email Compromise, Due Invoices, Thread Hijack, and more.
Our NLP and GenAI engines deeply understand the organization’s business relationships and communication patterns while advanced content-analysis algorithms recognize anomalies and identify evasion maneuvers aimed to trick the end-users into wrongfully paying or disclosing sensitive data.
How Perception Point Prevents Sophisticated BEC Attacks
Supply-Chain Recognition
GenAI Decoder™
LLM-based model recognizes the unique patterns in AI-generated text produced by platforms like ChatGPT, Google Bard, WormGPT, etc. and detects any social engineering attempt.
Content & Anomaly Analysis
Advanced Anti-Spoofing
Laser focused engines against spoofing attacks, domain lookalike and thread hijacking attempts, including IP reputation, SPF, DKIM and DMARC record checks, and domain-correlation algorithms.
24/7 Human Insight
An all-included team of cybersecurity experts constantly optimize the platform’s detection engines, create new AI/ML algorithms on the fly and hunt for false positives around the clock.
