
BEC - Business Email Compromise

Business email compromise (BEC) is a type of email cyber crime scam in which an attacker targets a business to defraud the company. Business email compromise is a large and growing problem that targets organizations of all sizes across every industry around the world. BEC scams have exposed organizations to billions of dollars in potential losses.

Email account compromise (EAC), or email account takeover, is a related threat that is accelerating in an era of cloud-based infrastructure. EAC is often associated with BEC because compromised accounts are used in a growing number of BEC-like scams (though EAC is also the basis of other kinds of cyber attacks).

Proofpoint is the only vendor that provides you with an end-to-end, integrated solution to combat business email compromise (BEC). Proofpoint addresses various tactics used in email fraud attacks, such as use of impersonated supplier domains, reply-to pivots, domain spoofing, display name spoofing, and look-alike domains.

The integrated Proofpoint platform uses Advanced BEC Defense, our ML/AI-powered BEC detection engine, to detect and stop email fraud attacks more effectively. With it, you can detect sophisticated supply chain fraud attacks that often lead to large financial losses. And you get training to help your users spot and identify deception. You also gain brand protection in BEC scams with DMARC authentication. With this integrated platform, you get visibility across multiple threat vectors, including your supply chain, and automated threat detection and response.

Types of Business Email Compromise

The FBI defines 5 major types of BEC scams:

  • CEO Fraud: Here the attackers position themselves as the CEO or executive of a company and typically email an individual within the finance department, requesting funds to be transferred to an account controlled by the attacker.
  • Account Compromise: An employee’s email account is hacked and is used to request payments to vendors. Payments are then sent to fraudulent bank accounts owned by the attacker.
  • False Invoice Scheme: Attackers commonly target foreign suppliers through this tactic. The scammer acts as if they are the supplier and requests fund transfers to fraudulent accounts.
  • Attorney Impersonation: This is when an attacker impersonates a lawyer or legal representative. Lower-level employees, who may not have the knowledge to question the validity of the request, are commonly targeted in these types of attacks.
  • Data Theft: These types of attacks typically target HR employees in an attempt to obtain personal or sensitive information about individuals within the company such as CEOs and executives. This data can then be leveraged for future attacks such as CEO Fraud.