The Only Comprehensive Email Security Solution for Types 1, 2, 3 & 4 Business Email Compromise Phishing

In just one 12-week period, Area 1 intercepted over $233 Million in Active BEC Fraud for customers.
How many BEC attacks will Area 1 stop for you?
Your Challenge:
- Modern fraud and phishing attacks rely on highly targeted, 1:1 social engineering – not malicious links or malware — making these attacks difficult for your email providers and gateways to detect
- Traditional SEGs, Office 365, G Suite and other defenses routinely miss over 30% of attack campaigns such as BEC — and create more work for SOC teams
Our Solution:
- Uniquely stopes all four Gartner-defined BEC phishing types — including Type 3 “long con,” account-takeover BECs and Type 4 supply chain phishing BECs
- Provides a unique machine + human approach to Active Fraud Prevention across all threat vectors: email, social, web and network
- Extends protection to your trusted partners via partner social graphing to stop BEC fraud in progress
Get the Only Comprehensive Email Security Solution for BEC
The Business Email Compromise Phishing Evolution
Today Business Email Compromise phishing falls into four categories: Type 1 (Basic), Type 2 (Advanced), and Type 3 and 4 (Sophisticated). Since traditional email inspection techniques are ineffective at detecting Business Email Compromise phishing, least of all Type 3 and 4 attacks, it’s important to understand the differences between Type 1, 2, 3 and 4 Business Email Compromise phishing, why they get past SEGs and cloud email suites, and what’s required to successfully defend against all Business Email Compromise attacks.
Type 1 Business Email Compromise – Also known as CEO fraud or CXO impersonation, this externally sourced BEC attack type impersonates (“spoofs”) someone of power inside an organization (typically the CEO, CFO, or other C-level executive), bypasses email authentication and gateways, and contains a financial-based call to action.
Type 2 Business Email Compromise – A technique beginning around 2017, this attack type looks like a Type 1 Business Email Compromise attack, but comes from inside the organization, spoofing an employee through a compromised account obtained by the attacker through earlier phishing attempts and subsequent account takeovers. These attacks easily bypass traditional email security’s reputation and sender checks, as well as email gateways and cloud-suite defenses.
Types 3 & 4 Business Email Compromise – These BEC attacks rely on account takeovers and spoofing of trusted supply chain partners respectively, making these attacks the most difficult to detect and most financially damaging. Area 1 excels at detecting all categories of BEC, but is the only solution proven to catch the sophisticated, long-con Types 3 & 4 BEC fraud commonly missed by legacy email security systems.
How an S&P 100 Consumer Goods Leader Keeps its Inboxes BEC-Free
Their Challenge:
-
-
A multibillion-dollar S&P 100 CPG brand had users clicking on malicious links or falling for BEC, credential harvesting, brand spoofing, and other phish
-
Their IT team frequently spent time “tuning” their gateways and adding rules to block messages after attacks on executives
-
End users were accessing web-based phishing sites
-
Our Solution:
-
-
Eight million email & web-based phishing attacks blocked in just one year
-
Business Email Compromise attacks intercepted before reaching executives, Board members and employees
-
No more time wasted on “tuning” email security rules and blocklists
-
Transparent, granular metrics to report ROI to the Board
-
Your Definitive Guide to BEC Prevention
The FBI says BEC phishing cost U.S. businesses $1.7 billion in 2019. But based on the amount of BEC phishing Area 1 regularly intercepts, actual BEC losses are significantly underreported. To learn more about how to proactively identify and prevent BEC phishing, check out these resources below.
REPORT | Gartner 2020 Market Guide for Email Security
- Why to “Invest in anti-phishing technology that can accurately detect BEC and account takeover attacks”
- Why to revisit your email security architecture in the light of current email threats such as BEC
WEBINAR | Business Partner, Compromised?
- Why your cloud-based remote workforce is more susceptible to BEC phishing
- How to solve for BEC from compromised suppliers vs. spoofed executives
- How to stop all four Gartner-defined BEC phishing types
EBOOK | The Long Con: A Guide to BEC 3.0
- The anatomy of the different types of BECs — and how each type evades email gateways, DMARC and other defenses
- How “long con” BEC compromises suppliers first, then targets your functional employees over weeks or months
- The six weapons needed to block all types of BEC

WHITE PAPER | The Weakest Link? Solving Supply Chain Phishing Attacks
- Why attackers exploit an organization’s suppliers, partners and vendors
- Examples of ATO attacks blocked by Area 1
- How Area 1’s analytics understand the authenticity of messages across 7 supply chain phishing use cases