Business Email Compromise and Email Account Compromise

No two BEC/EAC attacks are alike. A layered approach to security is essential.

The costs are devastating. The problem is complex and ever changing. Identity deception and spoofing result in compromised data and cost companies millions in fraudulent transactions. Our layered approach addresses the multitude of tactics bad actors are using every day against businesses like yours.

Identity deception could be placing your business at risk

Whether they are spoofing an identity (BEC) or stealing a valid identity (EAC), attackers are using identity deception. That is the common email fraud element that needs to be addressed.

Business Email Compromise

Business email compromise (BEC) attacks ask the victim to send money or personal information out of the organization. Attackers do this by spoofing a person in authority, such as a CEO or VP of Finance. To stop BEC and email fraud attacks, consider implementing controls that:

  • Blocks email fraud attacks that use spoofed and lookalike domains
  • Analyzes all email content and headers using machine learning
  • Enables creation of global email authentication policy
  • Removes suspicious and unwanted email from end user inboxes
  • Shows authentication status across supply chain and business partners
  • Offers end user education to help identify business email compromise (BEC) attacks
  • Blocks attacks that use spoofed and lookalike domains

Email Account Compromise

Email account compromise can occur if a threat actor successfully tricks a victim into providing their credentials or accesses an account through other means. If an account is compromised, it can be used to move laterally inside an organization, steal data, or fraudulently communicate with your business partners or customers. In order to protect against email account compromise, you need a solution that:

  • Highlights brute-force attacks and suspicious user behavior across cloud applications
  • Identifies very attacked people
  • Forces password resets on email accounts that are compromised
  • Enables read-only access to unknown websites to prevent credential theft
  • Assess end user vulnerability to credential theft attacks


Business Email Compromise

At Proofpoint, we offer a layered approach to protecting against business email compromise (BEC) by addressing the many tactics that are used by threat actors. Tackling the problem in this way prevents threats using display name spoofing, domain spoofing, and lookalike domains. This also prevents BEC threats impacting your partners and customers with DMARC email authentication; this prevents potential financial impact as well as brand damage. We provide education and visibility so you understand how your organization is being attacked and the potential vulnerability of an individual or group to fall for an email fraud attack. And we improve the ability of your people to identify these threats.


Email Account Compromise

Preventing email account compromise spans different threat vectors, given the propensity of credential reuse across different accounts that an end user might have; this can also span personal and corporate accounts. We give you visibility and control across cloud applications, email, and personal webmail. This helps you prevent the loss of credentials and identify suspicious behavior accessing these accounts. It is critical to be able to identify attempted email account compromise and the symptoms of accounts that are already compromised. In this way, your organization can limit exposure to both infection and data loss.

How to Effectively Block BEC and EAC Attacks


  • Block attacks that use spoofed domains
  • Tag external email to inform recipients of the origin of the email
  • Analyze message headers to identify anomalies
  • Analyze all email content with machine learning
  • Identify and block display name spoofing
  • Enforce email authentication policy


  • Create a global email authentication policy (DMARC) and enforce it on an internet-wide basis
  • Block all attempts to send unauthorized emails from your trusted domains
  • Report on look-alike domain registrations

Cloud Applications

  • Identify suspicious cloud account activity
  • Detect brute-force attacks
  • Build policies to prioritize alerts

Web Access

  • Isolate access to unknown websites
  • Provide read-only access until security analysis is complete
  • Control content entering your organization through personal webmail accounts


  • Identify the VAPs in your organization
  • View the authentication status of your supply chain
  • Provide user-centric visibility into account attacks

Automated Remediation

  • Identify and remove suspicious emails that have entered the organization
  • Remove unwanted email from internal accounts that are compromised
  • Force password resets and disable accounts that are compromised
  • Use an account authentication solution to reauthenticate sessions
  • Investigate account compromise incidents


  • Assess user vulnerability to BEC and EAC threats
  • Train users on how to identify threats and credential theft
  • Automate abuse mailbox process


Protection against business email compromise

Proofpoint email analysis accurately identifies and blocks business email compromise using machine learning techniques and email authentication.

Watch the Demo

Ready to give Proofpoint a try?

Let us walk you through our BEC and EAC solutions and answer any questions you have about email security.