What Is Business Email Compromise, How Does It Work, And How Can You Stay Protected?

What Is Business Email Compromise?

BEC involves a bad actor impersonating a high-level executive, employee, or trusted supplier via email, to attempt to trick unsuspecting employees into paying fake invoices or leaking sensitive information.

These attacks aren’t uncommon. In fact, 35% of organizations said that more than half of all attacks they faced within the past year were related to BEC and phishing.

While BEC comes in many different forms, an attack is typically carried out in one of two ways:
‍
- Account compromise: Where an attacker gains access to an employee’s email account via a phishing attack, and sends fraudulent emails from that account to their contacts.
‍
- Domain spoofing: Where an attacker registers a lookalike domain to impersonate an employee and emails unsuspecting colleagues from that domain.
‍
Emails sent typically ask their recipient to perform some kind of action—like paying an invoice, purchasing gift cards, or leaking sensitive spreadsheets/documents—and they’re usually described as “urgent” to create a sense of panic for the recipient.

How Constant Edge Stops Business Email Compromise

How Constant Edge protects against Business Email Compromise

How Constant Edge delivers effective protection against BEC.

Our solutions sit in front of your email network, checking all inbound and outbound emails for signs of malicious content that indicate a business email compromise scan is taking place.
‍
We also scan emails inside the inbox, and highlight to users when an email doesn’t look right, either because the sender is using a name we recognize, but an email address that isn’t familiar, or because a new contact has got in touch with a request that our machine learning technologies find suspicious.

In addition, our solutions allow end users to report suspected BEC attacks which, according to admin policies, will automatically mark the email as suspicious for all recipients. Admins can instantly quarantine or delete these suspicious email messages.

Constant Edge Business Email Compromise Protection Features

Email Filtering

Dynamically detect and block business email compromise attacks with effective email filtering and analysis of sender domains.

DMARC Enforcement

Enforce email authentication standards, such as SPF, DMKIM, and DMARC to minimize email spoofing risks.

URL and Attachment Sandboxing

Multi-layered sandboxing of URLs and attachments, leveraging data from over 60 antivirus engines to detect malicious emails.

End-User Reporting

End users can report suspicious messages from their inbox. Admins get instant visibility into reports, and can instantly quarantine emails, even after delivery.

BEC Protection Inside The Inbox

Machine learning algorithms build a unique profile for every user to help detect BEC attacks in real time, inside the email network.

Protection Across All Devices

Protect against business email compromise on any device with cloud-based two-click API integration for O365 and Google Workspace.

Mike Waskosky

Road Machinery & Supplies Co.

“I used to get five calls a week from our users saying: “I clicked on a link in a phishing email and gave them my password!" Now we have Constant Edge in place, we haven't had a single one of those emails."

threat

Business Email Compromise