Business Email Compromise Prevention: Stop Email Impersonation

Business Email Compromise

Business Email Compromise (BEC) scams like executive spoofing deceive people into believing they're interacting with a trusted sender—no malware or malicious links required.

What is Business Email Compromise?

Patrick Peterson, Agari's Founder, discusses the tactic of identity impersonation for business email compromise (BEC) attacks, such as executive spoofing.


Anatomy of an Attack

Business Email Compromise comes in many forms. These are sham security alerts, last-minute payment requests, bogus past-due statements, fraudulent wiring instructions, and more. BEC and phishing scams continue to be the primary attack vectors into organizations—and in 2021 alone, over $44 million in losses were a direct result of successful phishing campaigns and social engineering scams.


PHASE 1: Preparation

Build Target List

Cybercriminals start by building a target list, often using business contact databases, mining LinkedIn profiles, and even scouring the target's website to identify key individuals and relationships.

The Agari Advantage




Modeling Sender Trust & Email Authenticity

Focusing on content and infrastructure analysis doesn’t work against BEC, since no malicious payloads are used and they can be launched via reputable email services.

Agari carefully inspects each incoming email, analyzing the human relationships and behaviors. By understanding the identities behind the message, Agari spots the anomalous BEC behaviors preventing the attack from reaching the inbox.

Becoming More Effective Every Day

BEC attacks are constantly evolving within the business and individual user environments, so it’s not enough to keep up with the latest malicious tactics—you need to stay one step ahead of threat actors.

Agari detects threats and prevents the latest BEC tactics, including display name deception, spoofing, and lookalike domains. In addition, Agari baits cybercriminals into giving up unique insights to ensure that our customers are protected from future attacks.


Automated Partner & Supplier Fraud Prevention

Cybercriminals often pose as a trusted supplier or partner in order to conduct invoice fraud, real estate scams, or other common BEC attacks.

Agari automatically models the identities of your business partners, their relationships, and behaviors to auto-generate protection policies. This hands-free approach protects your employees from the modern attacks of today and those we anticipate through predictive insights into the future.

See Agari Phishing Defense In Action

Try this product tour to see why companies including Chevron, Upwork, and Informatica use Agari Phishing Defense to protect their inboxes.