Business Email Compromise (BEC) is an advanced form of phishing which uses high level accounts to build trust and authenticity, before gaining access to data or finances. This type of attack can be very effective as the relationship – and consequently, the request for data or money – is realistic and plausible.
Beyond the obvious financial implications of suffering a BEC attack, the consequences could be more far reaching and threaten your organization in the longer term. For example, the repercussions of an attack could bring your credibility into question, losing you trusted customers and potential profit.
There isn’t a single solution that will eliminate your chances of falling victim to a BEC attack. Instead, there are a number of different solutions and approaches that will give you the greatest chance of coming out the other side.
In this guide, we’ll cover some of the top solutions that will help to protect your organization from falling victim to BEC attacks. The solutions address BEC from a range of perspectives – from email spoofing, and credential theft, to phishing – in an attempt to give you the best form of protection. This list will include products that are secure email gateways, dedicated phishing firewalls, and user training platforms to give you a range of defenses.
Based in San Francisco, California, Abnormal Security provides comprehensive protection against the full spectrum of email attacks, including business email compromise, phishing, malware, ransomware, social engineering, as well as spam and graymail. The platform can also automate your security operations to streamline workflows and reduce total spend.
Abnormal allows you to prevent harmful emails from reaching your users. This reduces the chances of business email compromise attacks, supply chain fraud, and credential phishing attempts. The solution also has the capability to detect account takeover attacks by monitoring normal behavior and flagging suspicious activities. The platform’s analytics capabilities enable it to assess your security posture and make suggestions of how this can be improved. Reports can be automated for auditing and compliance purposes.
The platform can ingest data from sources other than email to give you comprehensive security; this includes Slack, Microsoft 365, and Active Directory, amongst others. The platform unifies data from these sources to provide clear and concise intelligence regarding users and threats. We would recommend Abnormal for organizations of all sizes that need a comprehensive and agile email and communications security tool.
Agari is a market leader in email security, securing enterprises globally against phishing, account takeover, BEC, and more. Via their BEC-focused counterintelligence research group, Agari Cyber Intelligence Division (ACID), Agari leverages both extensive expertise and active engagement with threat actors to identify BEC threats and provide actionable intelligence in real time. Their comprehensive cloud-based suite of products includes phishing and BEC defense, impersonation protection, and robust threat reporting and analysis capabilities to help mitigate BEC.
Agari Phishing Defense inspects and analyzes inbound emails to detect anomalous behavior and indicators of compromise—including domain spoofing and lookalike domains—and block emails from reaching users’ inboxes. Agari also protects against vendor email compromise (VEC) by learning and modeling third party identities and scanning for abnormal behavior. Additionally, the Agari Active Defense solution leverages intelligence delivered by ACID and combines actionable insights, visibility of threats, and robust reporting to provide comprehensive protection against BEC attacks, as well as deliver monthly reporting on BEC attack cycles, employee risk, and attack methods.
The solution can be used with Microsoft 365, Microsoft Exchange, and Google Workspace, and integrates with Azure Sentinel, Splunk, and Palo Alto Networks. Agari’s products are praised by users for ease of use and high levels of support—with onboarding and training included with the solution. We recommend Agari for enterprise organizations across all industries that are looking for powerful BEC protection in combination with advanced analytics and intelligence feeds.
Avanan is an email and collaboration tools security provider, offering a cloud-based platform that works across Microsoft 365 and Google Workspace, as well as Slack and Dropbox. Using advanced AI, Avanan continuously scans inbound emails for anomalies and signs of impersonation or fraud, working alongside traditional/default email security solutions and catching the threats that slip through the cracks of those solutions—such as BEC, account compromise, phishing, data leakage, and more.
Avanan’s advanced AI builds custom threat profiles by learning communication patterns, employee relationships, and historical emails within users’ inboxes. The solution then uses contextual analysis and anomaly detection alongside their anti-phishing algorithm, Smart-Phish, to analyze emails in real time to detect BEC and employee impersonation. To detect account compromise, Avanan identifies suspicious behavior across the email network and cloud applications, including unrecognized logins, suspicious configurations, multiple password resets, and more, and can automatically lock out suspicious users—as per configured policies.
The cloud-based, Software-as-a-Service solution is quick to install and deploys via API—meaning it requires no change to MX records. Users praise the solution as easy to deploy, simple to use, reliable, and scalable. Avanan’s solution is ideal for organizations of all sizes that are using Microsoft 365/Exchange or Google Workspace. We recommend Avanan for organizations across all industries that are looking to reinforce their existing email security stack with a powerful solution that detects threats that might slip past traditional defenses.
Barracuda is a leading email security provider, offering a multi-layered stack of security solutions. The Total Email Protection portfolio provides comprehensive, all-round protection against 13 types of email threats—including spear phishing, BEC, and account takeover—through the combination of a secure email gateway, AI threat detection, user awareness training, and automated remediation. Included in the portfolio, Barracuda Sentinel leverages AI to detect and respond to impersonation and malicious activity, while PhishLine provides robust user awareness training and reporting.
Sentinel employs advanced AI to observe individual user communication patterns and create an “identity graph”, which is then used as a baseline to detect any anomalies. The solution scans for unusual requests, unrecognized contacts, BEC-related language and content, location, names used, and more. On spotting anomalous behavior, the solution can automatically flag and remove emails. Alongside this, PhishLine offers engaging and up-to-date user awareness training material alongside fully customizable simulated phishing campaigns, and user behavior reporting. Using Sentinel’s AI capabilities, organizations can identify high-risk employees—such as those in finance, HR, and IT—and administer tailored training via PhishLine.
Barracuda’s Total Email Protection portfolio is overall rated highly as an effective and easy-to-use solution. Sentinel uses API-based deployment and integrates quickly with users’ inboxes. We recommend the solution for mid-sized and enterprise organizations looking for a comprehensive, all-in-one email security and awareness training solution to protect against spear phishing, BEC, and account compromise.
Cofense is an industry leader in advanced phishing detection and response solutions, combining technology and process with employee education to actively defend organizations against phishing, BEC, and other email-related attacks. The complete Cofense phishing detection and response suite includes a combination of security awareness training and phishing simulations to train employees to report suspicious emails, alongside automated tools that triage and respond to detected threats.
Cofense’s user training platform educates users on how to identify and react to phishing, BEC, and more. Organizations can also expose users to simulated phishing emails that are up-to-date and mimic real-life threats that are known to bypass SEGs and traditional email security tools. Their email reporting plugin goes hand-in-hand with this, and enables users to report suspicious emails to their security teams—both simulated and genuine. To help manage and prioritize these reports, organizations can leverage automated triage to identify and analyze threats based on domain, attachments, and more, as well as the ability to automatically quarantine and remove identified threats—as per configured policies.
The phishing detection and response platform works alongside Microsoft 365’s built-in email protection, as well as Google Workspace. Users rate the suite of security tools as easy to use, reliable, and flexible. We recommend this solution for organizations of all sizes across multiple industries that are looking for user-friendly and engaging awareness training alongside automated tooling to defend against phishing and BEC attacks.
IRONSCALES is an industry-leading cloud-based email security and anti-phishing provider that combines the power of AI and human intelligence to provide comprehensive and effective email protection. Their all-in-one platform offers email security alongside user security awareness training to both protect against attacks—including BEC—and educate users on how to keep themselves and their organization safe. Alongside both internal and external phishing attacks, the platform also protects organizations against CEO and employee impersonation, supply chain attacks, invoice fraud, and more.
IRONSCALES’ platform includes email security features such as inbound email filtering, URL scanning, and DMARC, as well as anomaly detection. The platform learns employee habits, communication history, and relationships to detect any anomalies and help prevent impersonation and fraud. Any anomalies detected by IRONSCALES are flagged, investigated, and remediated. The platform also automatically detects commonly used BEC language—such as requests for financial account details. As well as this, organizations can train users to spot phishing attacks via both engaging training modules and phishing simulation emails that are delivered straight to users’ inboxes.
IRONSCALES’ cloud-based platform integrates easily with Microsoft 365, Google Workspace, and Exchange, can be deployed quickly, and doesn’t require MX-record configuration or rules to be set up on the email side. The solution is rated highly by users, who praise it as easy-to-use and intuitive. We recommend IRONSCALES for SMBs as well as enterprise organizations looking for market-leading email security and BEC protection alongside customizable phishing simulations.
Mimecast is an industry-leading email security provider that offers a comprehensive, all-in-one, cloud-based security platform, packaged in one subscription service. Their Email Security With Targeted Threat Protection products secure organizations against BEC via a suite of advanced features—including a secure email gateway, impersonation protection, internal email protection, and more. Mimecast also leverages the Mimecast Security Operations Centre (MSOC) to monitor and analyze billions of emails each month, so their users can stay protected against even the most recent threats.
Mimecast’s email security products are designed to protect users against BEC across desktop and mobile, as well as personal devices. Email protection includes their secure email gateway, which combines detection engines, threat intelligence, and policy management, as well as DMARC and email quarantine. Additionally, Mimecast Impersonation Protect scans all inbound emails in real time for suspicious content, anomalies, domain spoofing, and newly registered domains. Organizations can also leverage Mimecast Awareness Training, which is part of their wider stack, to educate and test employees on email-based threats.
Delivered as-a-Service, the platform can be run on Amazon Web Services or Mimecast’s native cloud platform, Mime|OS. Mimecast’s platform is rated highly by users, and praised as reliable, effective, easy to manage—although, a little difficult to initially implement—and includes high-quality support. We recommend this solution for enterprise organizations across all industries looking for powerful, integrated email security and BEC protection alongside robust user awareness training.
Proofpoint is an industry-leading cybersecurity and compliance provider, currently protecting more than 8,000 businesses globally against advanced threats. Part of their integrated Threat Protection Platform, Proofpoint Advanced BEC Defense leverages their brand-new detection platform, Supernova, to deliver an end-to-end solution that protects organizations against BEC attacks. Leveraging machine learning/AI to analyze more than two billion emails, 35 billion URLs, and two million attachments every day, Proofpoint Advanced BEC Defense helps organizations thwart targeted attacks and protect their data against compromise.
To enable organizations to prevent email-based attacks and fraud more effectively, Proofpoint Threat Protection provides advanced features to identity, block, authenticate, and quarantine/remove suspected threats. The solution also includes advanced reporting on BEC threat details, supply chain threats, frequently targeted users, domain lookalikes, and senders maliciously using organizations’ domains. Organizations can also leverage Proofpoint’s tailored BEC awareness training to educate users on spotting and reporting suspicious emails and imposter threats.
Users rate Proofpoint’s solution as reliable, easy to set up and manage, and effective at detecting and blocking threats. They also praise the high level of support provided. We’d recommend Proofpoint to organizations of all sizes across all industries that are looking for a comprehensive, end-to-end BEC defense solution, alongside advanced reporting capabilities and user awareness training.
Vade is an industry-leading cybersecurity company, offering a suite of AI-based predictive email security solutions. Among these is Vade for M365, which fully integrates with Microsoft 365. Vade’s solution is designed to work alongside Microsoft’s built-in threat protection as an additional layer of security against sophisticated spear phishing and BEC attacks. The solution uses AI and machine learning to identify anomalies and detect and block commonly used BEC language and patterns.
Vade’s robust AI technology continuously leverages its anomaly detection and language analysis capabilities to scan inbound emails for impersonation and malicious patterns. It does so by establishing a baseline of “normal” communication patterns among employees and flagging behavior that doesn’t comply by displaying a customizable warning banner on the email. Additionally, it can automatically quarantine emails, according to admin policies. The solution also detects cousin domains, domain and email address spoofing, BEC-style language and content, and more. User awareness training comes as part of the solution and includes both contextual training courses and phishing simulations that are based on real-life threats.
Designed to integrate fully with Microsoft 365, Vade for M365 integrates via API—meaning no MX changes are required. The solution is quick and easy to deploy, and is praised by users as intuitive, easy to use, effective, and reliable. We recommend Vade for M365 for SMBs across all industries that are currently using Microsoft 365 and seek an additional layer of security against spear phishing and BEC.
ZeroFox provides automated external threat identification and dismantling for organizations globally via a combination of security, AI and human intelligence, and malicious content disruption. The ZeroFox platform provides full visibility of threats on both the surface and dark web, while identifying and automatically remediating targeted attacks such as phishing, credential compromise, and BEC. The platform protects not only email, but an organization’s entire attack surface—including collaboration tools, social media, domains, and more.
The ZeroFox platform provides advanced, AI-powered protection against phishing and BEC by continuously scanning users’ inboxes to identify employee impersonation and malicious content. ZeroFox can identify indicators of impersonation and fraud using machine learning, natural language processing, computer vision to power text, and more. When a potential threat is identified, a warning banner is displayed to the user to alert them of suspicious content. The solution can also go a step further and dismantle attacker infrastructure to help prevent future attacks.
The solution deploys easily in the cloud, and integrates effortlessly with an organization’s existing network infrastructure. Users overall find ZeroFox to be collaborative and knowledgeable partners, and rate the platform as easy to use and reliable. We recommend ZeroFox to SMBs and enterprise organizations across all industries, that are looking for powerful threat scanning and remediation capabilities to help thwart phishing and BEC attacks.
FAQs
How Do BEC Attacks Work?
BEC attacks start with an authentic inbox being accessed by a malicious actor. This can happen in a variety of ways – from using stolen credentials purchased on the dark web, to social engineering, and brute force attacks. So, the first thing you should do to prevent BEC attacks is keep your credentials safe – some of the products featured on the list focus on this.
Then, an attacker will reach out from the compromised account to existing employees or to other companies. As they are writing from a valid email address that the target is already familiar with, there is little need to be concerned. The attacker may send a fake invoice, request access to data, or even attempt to hijack another account.
With the amount of information readily available online – think of all the information you share on LinkedIn – coupled with the valid account and ability to look back at previous conversations and imitate style, BEC is a very concerning attack type.
To prevent BEC attacks, it is worth keeping an open mind about what to look for. With attackers constantly searching for new ways to trick you, there are no checklist (or limit) to how they might dupe you. Another area that could be worth investing in is Security Awareness Training (SAT) – this educates your users on suspicious behaviour and explains best practice responses.
How To Choose A BEC Solution?
When choosing a BEC solution, it’s important to make the right choice. Failure to do so could leave you with a false sense of security. You should adopt a solution that focuses on your vulnerabilities. For instance, your business may release a large quantity of emails and other communications; this could make your brand susceptible to spoofing. Alternatively, you may have a large, disparate work force, the sheer number of employees makes you susceptible to phishing attempts. When selecting a BEC solution, you should consider for the following features:
What Are Your Vulnerabilities?
If you are looking for a solution that can respond to email based threats, it may not be sited to cover SMS or visiting attacks. Before deciding what solution is best, look at where you are weakest.
Automation And Configuration
The ability to automate and configure your solution can affect how useful it is to your organization. It may be that you want a solution that you can let run in he background, without any need for input. Equally, you may want a more hands on solution that puts your in control of configuration and management.
What Are Its Features?
This might seem like an obvious point, but it is worth comparing the features of each solution to ensure it will work in your environment. URL rewriting, always on connectivity, and database cross-checking gives you the best chance of remediating threats.
