Attack Vectors

Business Email Compromise (BEC) Attacks

The fastest growing type of phishing scam, business email compromise (BEC) occurs when cyber attackers impersonate company owners or executives to trick employees into transferring large sums of money or revealing confidential data.

 

Attackers accomplish this by using a variety of techniques that manipulate users into sending money or data.

 

BEC attacks are on the rise in both frequency and damage. In 2020, the FBI Internet Crime Complaint Center (IC3) received nearly about Business Email Compromise with reported losses due to BEC increased from $1.29 billion in 2018 to $1.86 billion in 2020.

 

Here’s what you need to know to help secure your business email.

Prevent BEC Attacks Today
graphic of squares

BEC: Targeting the Weakest Security Link

Impersonation-based attacks are a growing challenge as attackers are leveraging the fact that in the fast-paced modern enterprise, employees are the weakest link in the security chain. Distracted and easily accessible, attackers are simply tricking them into making mistakes.

While legacy security systems have been developed over many years to prevent malicious files and URLs, the trouble is that all or part of most BEC attempts are text-based and do not contain a malicious payload. Rather, they leverage well-researched and sophisticated social-engineering techniques to slip by the unsuspecting user, making traditional email security solutions irrelevant.

multi layer platform bec

The BEC Kill Chain for Email Spoofing

graphic of a square

Step 1

Reconnaissance and Weaponization

Attacker targets a company and its executives in order to impersonate them or their brand (e.g. creates fake domain that looks very similar).
circles with lines connecting

Step 2

Delivery

Attacker transmits emails that impersonate company personnel to other company users.
graphic of page on computer

Step 3

Exploitation

Users interact with fake emails and act according to attackers’ instructions.
skull icon going into a box

Step 4

Actions on Objective

Attacker obtains personal and business information or gains financially due to deceiving users.

Our Anti-BEC Technology

Perception Point developed unique algorithms aiming specifically to prevent any type of impersonation technique, including the CEO Fraud, the Lawyer Fraud, the Fake Invoices, and more.

 

The Machine Learning-based technology inspects all relevant data and metadata to identify any deviation from standard operations and to detect suspicious content well ahead it reaches the end user which might be tricked to act wrongfully.

Our Advantages

Advanced Anti-Spoofing Engines

Laser focused engines against spoofing attacks, such as IP reputation, SPF, DKIM and DMARC record checks, as well as Machine Learning algorithms.

Holistic Threat Prevention

Market leading detection of all types of impersonation attacks executed via malicious files, URLs and
social-engineering techniques.

Scanning 100%
of Traffic

We detonate and dynamically check every single bit of content – emails, files, URLS – to guarantee security at any scale and not letting one email go past unscanned.

Next Gen
Anti-evasion

Proprietary engines reveal embedded flies and URLs to deeply scan content and prevent evasion techniques.

Prevent BEC Today

TALK TO SALES

Ready to Try
Perception Point?

Learn More

Operation Red Deer

Outing Aggah’s Sophisticated Tactics, Techniques and Procedures (TTPs) Targeting Israel
learn MORE

Securing Safari Browsers with Perception Point’s New Safari Extension

In this blog, we review how you can enhance your browser security with Perception Point’s new extension for Safari.
learn MORE

Behind the Attack: Account Takeover (ATO)

In this blog we explore the kill chain of a compromised mailbox, after a user has undergone an Account Takeover (ATO) attack.
learn MORE

AI: The Double-Edged Sword of Cybersecurity

Attackers are using AI in their cyber offense, but cybersecurity leaders can also take advantage of AI in their defense.
learn MORE

Hackers Use Password-Protected OneNote Files to Spread Malware

In this blog, we explore a new attack in which threat actors exploit encrypted OneNote documents to deliver malware.
learn MORE

What Goes “App” Could Take You Down

Files “are like a box of chocolates, you never know what you’re going to get”. In this blog, we cover the risks of malicious file uploads to web apps and the best practices to prevent them.
learn MORE
Our blog
Request Demo

© 2023 Perception Point Inc. All rights reserved.