Search Close

Anatomy of an Attack

Business Email Compromise comes in many forms. These are sham security alerts, last-minute payment requests, bogus past-due statements, fraudulent wiring instructions and more. Ninety-six percent of businesses have been hit, to the tune of $12.5 billion in losses since 2013. And the danger grows daily.

Phase 1
Build Target List

Cybercriminals start by building a target list, often using business contact databases, mining LinkedIn profiles, and even scouring a the targets' website to identify key individuals and relationships.

Phase 2
Launch Attack

Attackers launch BEC campaigns, sending email to their targeted list. BEC attacks have no malicious payload and will use impersonation tactics like display name deception, spoofing, or look-alike domains.

Phase 3
Apply Social Engineering

To convince the victim to take action, attackers impersonate people of authority such as the CEO or CFO and project urgency within the request.

Phase 4
Reap Rewards

With trust, authority, and urgency established, the victim proceeds with the request. Unfortunately, the results end with great financial loss or a data breach.

The Agari Advantage

identity security
Modeling Sender Trust and Authenticity

Focusing on content and infrastructure analysis doesn’t work against business email compromise, since no malicious payloads are used and they can be launched via reputable email services.

Agari carefully inspects each incoming email, analyzing the human relationships and behaviors. By understanding the identities behind the message, Agari spots the anomalous BEC behaviors preventing the attack from reaching the inbox.

Best Practices Against BEC Webinar
Becoming More Effective Every Day

BEC attacks are constantly evolving with the business and individual user environment. It’s not enough to keep up with the latest malicious tactics. You need to stay one step ahead.

Agari detects, defends against and deters the latest BEC tactics such as display name deception, spoofing, and look-alike domains. In addition, Agari baits cybercriminals into giving up unique insights to ensure that our customers are protected from future attacks.

BEC Protection
business partner
Automated Partner and Supplier Fraud Prevention

Cybercriminals often pose as a trusted supplier or partner in order to conduct invoice fraud, real-estate scams or other typical business email compromise attack.

Agari automatically models the identities of your business partners, their relationships, and behaviors to auto-generate protection policies. This hands-free approach protects your employees from the modern attacks of today and those we anticipate through predictive insights in the future.

Featured Products

Protect against costly advanced email attacks
Agari Advanced Threat ProtectionTM

Stop sophisticated identity deception threats including business email compromise, executive spoofing, and account takeover-based attacks.

Learn more
Agari Business Fraud ProtectionTM

Automate DMARC email authentication and enforcement to prevent your corporate domains from being used in a business email compromise attack

Learn more


email attack


ISMG: Uncovering the Latest Business Email Compromise Attack Trends

Business email compromise (BEC) attacks succeed not with malicious URLs and attachments but by exploiting ...

Email Intelligent Inbox

Blog Post

BEC & 'The Intelligent Inbox': Email Security of Tomorrow, Today

If you want to know why business email compromise (BEC) and other advanced email attacks keep working ...

Spear Phishing

Blog Post

The Threat Taxonomy: A Working Framework to Describe Cyber Attacks

Imagine going to the doctor and only being able to say “pain” or “sick”. You can’t say where ...

identity deception


Identity Deception: The New Threat

New email security threats are a $5 billion dollar problem, as criminals exploit trusted identities to ...

conquer email threats

Analyst Research

How to Conquer Targeted Email Threats: SANS Review of Agari Advanced Threat Protection

In this review of Agari Advanced Threat Protection™, SANS Senior Instructor Dave Shackleford explores ...

Bec Scams Easier

Blog Post

5 Big Reasons BEC Scams Are Getting Easier to Pull Off

Want to get a sense of the carnage being caused by business email compromise (BEC) attacks? Look no further ...

Mail Letter

Would you like the confidence to trust your inbox?