Attack Vectors

Business Email Compromise (BEC) Attacks

The fastest growing type of phishing scam, business email compromise (BEC) occurs when cyber attackers impersonate company owners or executives to trick employees into transferring large sums of money or revealing confidential data. Attackers accomplish this by using a variety of techniques that manipulate users into sending money or data.

 

BEC attacks are on the rise in both frequency and damage. In 2020, the FBI Internet Crime Complaint Center (IC3) received nearly about Business Email Compromise with reported losses due to BEC increased from $1.29 billion in 2018 to $1.86 billion in 2020. Here’s what you need to know to help secure your business email.

graphic of squares

BEC: Targeting the Weakest Security Link

Impersonation-based attacks are a growing challenge as attackers are leveraging the fact that in the fast-paced modern enterprise, employees are the weakest link in the security chain. Distracted and easily accessible, attackers are simply tricking them into making mistakes.

 

While legacy security systems have been developed over many years to prevent malicious files and URLs, the trouble is that all or part of most BEC attempts are text-based and do not contain a malicious payload. Rather, they leverage well-researched and sophisticated social-engineering techniques to slip by the unsuspecting user, making traditional email security solutions irrelevant.

multi layer platform bec

The BEC Kill Chain for Email Spoofing

graphic of a square

Step 1

Reconnaissance and Weaponization

Attacker targets a company and its executives in order to impersonate them or their brand (e.g. creates fake domain that looks very similar).
circles with lines connecting

Step 2

Delivery

Attacker transmits emails that impersonate company personnel to other company users.
graphic of page on computer

Step 3

Exploitation

Users interact with fake emails and act according to attackers’ instructions.
skull icon going into a box

Step 4

Actions on Objective

Attacker obtains personal and business information or gains financially due to deceiving users.

Our Anti-BEC Technology

Perception Point developed unique algorithms aiming specifically to prevent any type of impersonation technique, including the CEO Fraud, the Lawyer Fraud, the Fake Invoices, and more.

 

The Machine Learning-based technology inspects all relevant data and metadata to identify any deviation from standard operations and to detect suspicious content well ahead it reaches the end user which might be tricked to act wrongfully.

Our Advantages

Advanced Anti-Spoofing Engines

Laser focused engines against spoofing attacks, such as IP reputation, SPF, DKIM and DMARC record checks, as well as Machine Learning algorithms.

Holistic Threat Prevention

Market leading detection of all types of impersonation attacks executed via malicious files, URLs and
social-engineering techniques.

Scanning 100%
of Traffic

We detonate and dynamically check every single bit of content – emails, files, URLS – to guarantee security at any scale and not letting one email go past unscanned.

Next Gen
Anti-evasion

Proprietary engines reveal embedded flies and URLs to deeply scan content and prevent evasion techniques.

TALK TO SALES

Ready to Try
Perception Point?

Learn More