Business Email Compromise and Email Account Compromise

No two BEC/EAC attacks are alike. A layered approach to security is essential.

The costs are devastating. The problem is complex and ever changing. Identity deception and spoofing result in compromised data and cost companies millions in fraudulent transactions. Our layered approach addresses the multitude of tactics bad actors are using every day against businesses like yours.

Identity deception could be placing your business at risk

Whether they are spoofing an identity (BEC) or stealing a valid identity (EAC), attackers are using identity deception. That is the common email fraud element that needs to be addressed.

Business Email Compromise

Business email compromise (BEC) attacks ask the victim to send money or personal information out of the organisation. Attackers do this by spoofing a person in authority, such as a CEO or VP of Finance. To stop BEC and email fraud attacks, consider implementing controls that:

  • Blocks email fraud attacks that use spoofed and lookalike domains
  • Analyses all email content and headers using machine learning
  • Enables creation of global email authentication policy
  • Removes suspicious and unwanted email from end user inboxes
  • Shows authentication status across supply chain and business partners
  • Offers end user education to help identify business email compromise (BEC) attacks
  • Blocks attacks that use spoofed and lookalike domains

Email Account Compromise

Email account compromise can occur if a threat actor successfully tricks a victim into providing their credentials or accesses an account through other means. If an account is compromised, it can be used to move laterally inside an organisation, steal data, or fraudulently communicate with your business partners or customers. In order to protect against email account compromise, you need a solution that:

  • Highlights brute-force attacks and suspicious user behaviour across cloud applications
  • Identifies very attacked people
  • Forces password resets on email accounts that are compromised
  • Enables read-only access to unknown websites to prevent credential theft
  • Assess end user vulnerability to credential theft attacks

BEC

Business Email Compromise

At Proofpoint, we offer a layered approach to protecting against business email compromise (BEC) by addressing the many tactics that are used by threat actors. Tackling the problem in this way prevents threats using display name spoofing, domain spoofing, and lookalike domains. This also prevents BEC threats impacting your partners and customers with DMARC email authentication; this prevents potential financial impact as well as brand damage. We provide education and visibility so you understand how your organisation is being attacked and the potential vulnerability of an individual or group to fall for an email fraud attack. And we improve the ability of your people to identify these threats.

EAC

Email Account Compromise

Preventing email account compromise spans different threat vectors, given the propensity of credential reuse across different accounts that an end user might have; this can also span personal and corporate accounts. We give you visibility and control across cloud applications, email, and personal webmail. This helps you prevent the loss of credentials and identify suspicious behaviour accessing these accounts. It is critical to be able to identify attempted email account compromise and the symptoms of accounts that are already compromised. In this way, your organisation can limit exposure to both infection and data loss.

How to Effectively Block BEC and EAC Attacks

Gateway

  • Block attacks that use spoofed domains
  • Tag external email to inform recipients of the origin of the email
  • Analyse message headers to identify anomalies
  • Analyse all email content with machine learning
  • Identify and block display name spoofing
  • Enforce email authentication policy

Authentication

  • Create a global email authentication policy (DMARC) and enforce it on an internet-wide basis
  • Block all attempts to send unauthorised emails from your trusted domains
  • Report on look-alike domain registrations

Cloud Applications

  • Identify suspicious cloud account activity
  • Detect brute-force attacks
  • Build policies to prioritise alerts

Web Access

  • Isolate access to unknown websites
  • Provide read-only access until security analysis is complete
  • Control content entering your organisation through personal webmail accounts

Visibility

  • Identify the VAPs in your organisation
  • View the authentication status of your supply chain
  • Provide user-centric visibility into account attacks

Automated Remediation

  • Identify and remove suspicious emails that have entered the organisation
  • Remove unwanted email from internal accounts that are compromised
  • Force password resets and disable accounts that are compromised
  • Use an account authentication solution to reauthenticate sessions
  • Investigate account compromise incidents

Education

  • Assess user vulnerability to BEC and EAC threats
  • Train users on how to identify threats and credential theft
  • Automate abuse mailbox process

Demo

Protection against business email compromise

Proofpoint email analysis accurately identifies and blocks business email compromise using machine learning techniques and email authentication.

Watch the Demo

Ready to give Proofpoint a try?

Let us walk you through our BEC and EAC solutions and answer any questions you have about email security.