Anatomy of an Attack

Business Email Compromise comes in many forms. These are sham security alerts, last-minute payment requests, bogus past-due statements, fraudulent wiring instructions and more. Ninety-six percent of businesses have been hit, to the tune of $12.5 billion in losses since 2013. And the danger grows daily.

Phase 1
Build Target List

Cybercriminals start by building a target list, often using business contact databases, mining LinkedIn profiles, and even scouring the target's website to identify key individuals and relationships.

Phase 2
Launch Attack

Attackers launch BEC campaigns, sending email to their targeted list. BEC attacks have no malicious payload and will use impersonation tactics like display name deception, spoofing, or look-alike domains.

Phase 3
Apply Social Engineering

To convince the victim to take action, attackers impersonate people of authority such as the CEO or CFO and project urgency within the request.

Phase 4
Reap Rewards

With trust, authority, and urgency established, the victim proceeds with the request. Unfortunately, the results end with great financial loss or a data breach.

What is Business Email Compromise?

Founder and CEO, Patrick Peterson

Patrick discusses the tactic of identity impersonation for business email compromise attacks, such as executive spoofing.

The Agari Advantage

What is Business Email Compromise?
Learn more
Modeling Sender Trust and Authenticity

Focusing on content and infrastructure analysis doesn’t work against business email compromise, since no malicious payloads are used and they can be launched via reputable email services.

Agari carefully inspects each incoming email, analyzing the human relationships and behaviors. By understanding the identities behind the message, Agari spots the anomalous BEC behaviors preventing the attack from reaching the inbox.

Becoming More Effective Every Day

BEC attacks are constantly evolving with the business and individual user environment. It’s not enough to keep up with the latest malicious tactics. You need to stay one step ahead.

Agari detects threats and prevents the latest BEC tactics such as display name deception, spoofing, and look-alike domains. In addition, Agari baits cybercriminals into giving up unique insights to ensure that our customers are protected from future attacks.

BEC Protection
business partner
Automated Partner and Supplier Fraud Prevention

Cybercriminals often pose as a trusted supplier or partner in order to conduct invoice fraud, real-estate scams or other typical business email compromise attack.

Agari automatically models the identities of your business partners, their relationships, and behaviors to auto-generate protection policies. This hands-free approach protects your employees from the modern attacks of today and those we anticipate through predictive insights in the future.

Simulated Product Demonstration

Try this simulated product demonstration to see why companies including Allergan, Comcast, and Informatica use Agari Phishing Defense™ to protect their inboxes.

Featured Products

Protect against costly advanced email attacks
Agari Phishing DefenseTM

Stop sophisticated identity deception threats including business email compromise, executive spoofing, and account takeover-based attacks.

Learn more
Agari Phishing ResponseTM

Accelerate phishing incident triage, forensics, remediation, and breach containment for the Security Operations Center (SOC).

Learn more


Download the Email Fraud & Identity Deception Trends Report

The Agari Cyber Intelligence Division analyzed trillions ...

Learn More
White Paper
Cosmic Lynx Threat Dossier: The Rise of Russian BEC

Cosmic Lynx is a Russia-based BEC cybercriminal ...

Learn More
White Paper
Silent Starling Threat Dossier: BEC to VEC

Vendor email compromise is a new form ...

Learn More
H2 2020 Email Fraud & Identity Deception Trends Report: Page 2

Get ahead of the attacks costing organizations ...

Learn More
White Paper
Scattered Canary Threat Dossier

Business email compromise (BEC) has continued to ...

Learn More
Blog Post
The Intelligent Inbox: Email Security of Tomorrow, Today

If you want to know why business ...

Learn More
White Paper
Exaggerated Lion Threat Dossier: BEC Check Fraud Ring

Exaggerated Lion is a BEC cybercrime ring ...

Learn More
Blog Post
The Threat Taxonomy: A Working Framework to Describe Cyber Attacks

Imagine going to the doctor and only ...

Learn More
conquer email threats
Analyst Research
How to Conquer Targeted Email Threats: SANS Review of Agari Phishing ...

In this review of Agari Phishing Defense™, ...

Learn More
Bec Scams Easier
Blog Post
5 Big Reasons BEC Scams Are Getting Easier to Pull Off

Want to get a sense of the ...

Learn More
Mail Letter

Would you like the confidence to trust your inbox?