Combatting BEC and EAC: Seven Steps to Stop Attacks


Business email compromise (BEC) and email account compromise (EAC) cost organizations around the globe billions. According to the FBI, losses from BEC and EAC scams have reached $26 billion worldwide, and almost $1.7 billion in 2019 alone.

And attacks like these do not discriminate: nearly 90% of organizations faced business email compromise and spear phishing attacks in 2019, and 30% of organizations surveyed by Osterman Research experienced leakage of sensitive or confidential information through email.

BEC and EAC, Defined

As a reminder, BEC refers to an email scam that targets specific people in an organization to steal money, data or other confidential employee information. These email impersonations rely heavily on social engineering tactics.

EAC, which is intertwined with BEC, is a highly sophisticated attack in which attackers use various tactics, such as password spraying, phishing and malware, to compromise victims’ email accounts and gain access to legitimate mailboxes. Once they have unauthorized access, attackers can launch email fraud scams internally or externally with your suppliers and partners.

How to Stop BEC and EAC

Protecting against these attacks requires a multi-layered solution. In this blog series, “Combatting BEC and EAC,” we dive into how Proofpoint helps organizations fight BEC/EAC threats. We’ll explore seven critical functions your email security solution must offer, empowering you to:

  1. Block impostor threats before they enter
  2. Authenticate email and enforce DMARC
  3. Protect cloud applications
  4. Isolate web access
  5. Gain visibility into who is being targeted
  6. Automate remediation
  7. Train your employees

We will dedicate seven blog posts to these topics, diving into each of the seven email security prerequisites that will keep your organization safe from BEC and EAC attacks.