Protect Your Organization From Business Email Compromise
Learn more about Business Email Compromise, how it works and why you’re vulnerable
What is Business Email Compromise?
Business Email Compromise (BEC), also known as CEO fraud, is a sophisticated email attack in which a criminal sends targeted emails to an organization’s employees. These emails, which appear to come from a key figure, ask the recipients to transfer funds or send information. The last few years have seen a dramatic upswing in BEC attacks, fueled by the tremendous profits these attacks generate. In fact, according to the FBI, losses from BEC attacks have spiraled out of control, increasing by 2,370% in the two years preceding December 2016. Examples of companies that have fallen for BEC attacks include FACC, Mattel, Snapchat and Ubiquity.
How BEC Attacks Work
In a typical BEC attack, an email is sent to the CFO of a company purported from the CEO of the company, asking the CFO to make a financial transfer. It may also be an email appearing to come from a key employee, asking a person in HR for confidential employee tax information.
As soon as the money is wired or the information is sent, the attackers can do what they want – from transferring the money to a different account to filing fictitious tax returns on behalf of these employees.
All successful BEC attacks feature identity deception.
They masquerade as a key figure within a company to exploit the trust of employees.
How BEC Attacks Evade Your Defenses
As BEC attacks rarely include malicious attachments or high-risk URLs, they are able to bypass email security defenses that look for malicious content. Instead, they use clever social engineering techniques to target organizations and their employees, to make these attacks much more credible — and much more successful.
The Solution – Agari Enterprise Protect
Agari Enterprise Protect is used by leading Fortune 1000 companies to proactively protect their enterprises and employees from costly BEC attacks that result in financial damage and compromised employee personal information.
Unlike other solutions that attempt to detect malicious content or use basic authentication mechanisms, Enterprise Protect leverages comprehensive insight into sender identities. By applying expert systems and machine learning to develop and apply trust and authenticity models, it identifies, isolates and stops email attacks that rely on identity deception.
These models are driven by the Agari Email Trust Platform™, the only solution that verifies trusted email identities based on insight into 10 billion emails per day.