THE 2024 STATE OF PHISHING REPORT IS PUBLISHED!  READ THE REPORT HERE

Attack Vectors

Prevent Business Email Compromise

Perception Point’s AI-powered solution stops BEC and impersonation attacks, the fastest growing, costliest social engineering threat from reaching the organizations’ weakest security link – the end-user.

Impersonation-based attacks like BEC are text-only emails, sent from a known entity and contain no malicious payload. Threat actors leverage spoofed domains and compromised accounts to be perceived as legitimate by the employees and trick them into transferring money or sharing sensitive information. Cyber attackers view BEC as a low-risk high-reward vector to steal large amounts of cash from victims.

graphic of squares
multi layer platform bec

BEC Attacks, Highly Evasive & Super Expensive​

Threat Evolution

Threat Evolution

Social-engineering threats are evolving at a rapid pace and become more sophisticated and difficult to detect by traditional security gateways that were designed to filter out spam or malicious links and attachments.

GenAI-powered

Advances in Generative Artificial Intelligence (GenAI) technology are dramatically contributing to BEC growth and success rate by automating and scaling distribution, making them far more convincing, and better exploit human vulnerabilities. 

Costlier Than Ever

Costlier Than Ever

According to the FBI’s Internet Crime Complaint Center report (IC3), in 2023 alone, BEC scams led to $2.9 billion in damages (increased from $1.86B in 2020) – surpassing even ransomware.

BEC Types & Potential Targets

Vendor Email Compromise

Vendor Email Compromise

The attacker impersonates a trusted vendor or supplier of the company and requests payment for a fake invoice or notifies a change in bank account details to siphon future payments.

Targets: CFO, procurement, accounts payable.

Executive Impersonation

Executive Impersonation

The attacker impersonates a high-ranking executive, often the CEO, and requests an urgent money transfer (e.g. “gift card scam”) or sensitive information.

Targets: financial department, executive assistants.

Thread Hijacking

Thread
Hijacking

An ongoing email conversation or thread is taken over by the attacker, who waits for the right moment to strike/jump in when a payment opportunity presents itself.

Targets: any employee involved in externally facing email conversations with sensitive content or financial implications

External Account Takeover

External Account Takeover

A vendor’s account is hacked and used to request payments or sensitive data from business partners or customers. This Supply Chain Attack is highly dangerous because the attackers have access to sensitive data that they can leverage and their fraudulent email originates from a legitimate account.

Targets: any employee, particularly those with access to sensitive data or financial authority

Enterprise-grade Security Against BEC Attacks

Perception Point’s Advanced Email Security leverages a multitude of proprietary ML algorithms and AI models aiming to prevent any type of BEC and impersonation technique including the CEO Fraud, Vendor Email Compromise, Due Invoices, Thread Hijack, and more.

Our NLP and GenAI engines deeply understand the organization’s business relationships and communication patterns while advanced content-analysis algorithms recognize anomalies and identify evasion maneuvers aimed to trick the end-users into wrongfully paying or disclosing sensitive data. 

How Perception Point Prevents Sophisticated BEC Attacks

Supply-Chain Recognition

Analyzing business communications to automatically identify the domains of the organization’s business partners, trusted vendors, etc.

GenAI Decoder™

LLM-based model recognizes the unique patterns in AI-generated text produced by platforms like ChatGPT, Google Bard, WormGPT, etc. and detects any social engineering attempt.

Content & Anomaly Analysis

Advanced NLP algorithms extract sensitive content (PII), recognize entities (NER), analyze email metadata, identify changes in tone and sentiment associated with fraud and undo textual-evasion techniques.

Advanced Anti-Spoofing

Laser focused engines against spoofing attacks, domain lookalike and thread hijacking attempts, including IP reputation, SPF, DKIM and DMARC record checks, and domain-correlation algorithms.

24/7 Human Insight

An all-included team of cybersecurity experts constantly optimize the platform’s detection engines, create new AI/ML algorithms on the fly and hunt for false positives around the clock.

TALK TO SALES

Ready to Try
Perception Point?

Learn More