Download a free BEC ebook to learn more about:
- Attack Techniques: How BEC camouflages itself to spoof display names, domains and more
- Bank-breaking Trends: What BEC is costing businesses like yours
- Difficulty of Detection: Why BEC evades spam filters, DMARC and DKIM
Prepared for Your Executives to Get Spoofed?
In the U.S. alone, businesses have been hit with nearly $9 billion in attempted Business Email Compromise (BEC) phishing theft since 2016. BEC attacks are:
-
-
Socially Engineered: Also known as CEO Fraud or Imposter Attacks, BEC ‘spoofs’ a known executive or employee to convince the recipient to wire money, attach information to an email, and more.”
-
Simple: Operating without links or attachments, BEC doesn’t need to take over an account or computer to cause major damage.
-
Successful: at Evading Other Defenses: BEC messages look like any other normal business message. They evade traditional detection engines and ‘security aware’ employees – but not Area 1’s defenses.
-
Gartner calls out BEC anti-phishing as a Top 10 security project to address the changing needs of cybersecurity and reduce risk, and names Area 1 Security as a “state of the art” technical control that stops BEC phishing.
Stop the BEC Phish Other Defenses Miss
Like other types of phishing attacks, BEC emails evade legacy perimeter defenses, which only offer protection from known, active campaigns, and focus on heavy payloads.
The key to reliably blocking BEC phish is Area 1’s advanced email analysis techniques, which evaluate both the origin and the context of the email, to proactively detect and block an imposter email.
Area 1’s unique approach includes:
- Automated detection of inbound email that purports to be from an executive, employee, or domain that is at risk for impersonation. Using sophisticated matching techniques, Area 1 correctly identifies suspicious email for deep analysis.
- Advanced sender, domain and content analysis in combination with infrastructure association – which is more effective than relying on email authentication (SPF, DKIM or DMARC).
- Proactive detection of new phishing infrastructure – Area 1 has built the industry’s largest attack data warehouse, which discovers the sites that hackers are compromising, as well as the IPs and domain infrastructure they’re establishing – before BEC attacks are launched.
- Fast, scalable performance – Unlike appliance-based SEGs, Area 1’s cloud-native architecture is capable of detecting BEC at scale – and staying ahead of threat actors – without impacting email performance or reliability.
Don’t let your executives and employees get spoofed. Use Area 1 to automate protection against BEC attacks.
How Area 1 Customers Keep Their Inboxes BEC-Free
LendingHome, the fast-growing fintech startup, enjoys the benefits of cloud-based Gmail. But their defenses kept missing fraudulent emails carrying BEC, ransomware, the Google Docs worm, and other phish. And training couldn’t prevent every employee from clicking malicious links.
Learn how Area 1 closed the phishing gap for LendingHome, with a seamless defense that detects, disables and defeats BEC