Business Email Compromise

Fraudsters are constantly evolving their tactics. And now they’re targeting your suppliers. A comprehensive integrated platform is essential.

The costs are devastating. The problem is complex and ever changing. Identity deception and spoofing result in compromised data and cost companies millions in fraudulent transactions. Our integrated threat protection platform addresses the multitude of tactics attackers are using every day against businesses like yours.

Supplier invoicing fraud could
be placing your business at risk

Attackers can use both impersonation and compromised accounts jointly in an attack. They can also go after your supply chain and partner ecosystem to launch email fraud attacks. That’s why you need a holistic solution that addresses all BEC tactics.

Business Email Compromise

Business email compromise (BEC) is sophisticated because there’s no malicious payload to detect. Attackers often pose as someone their victims trust and trick them into making fraudulent financial payments. These can include gift card scams, payment redirect, and supplier invoicing fraud. To stop these email fraud attacks, you need an integrated solution that:

  • Detects various BEC tactics and stops email fraud threats before they enter 
  • Analyzes multiple message attributes with true machine learning
  • Identifies email fraud from impersonated and compromised suppliers
  • Provides visibility into which users are most attacked and by what types of BEC scam
  • Trains end users to spot and report on suspicious impostor threats
  • Automates threat detection and response
  • Protects your brand in email fraud attacks by preventing fraudulent use of your domain

BEC

Business Email Compromise

Proofpoint is the only vendor that provides you with an end-to-end, integrated solution to combat business email compromise (BEC). We address various tactics used in email fraud attacks, such as use of impersonated supplier domains, reply-to pivots, domain spoofing, display name spoofing, and lookalike domains.

The integrated Proofpoint platform uses Advanced BEC Defense, our ML/AI-powered BEC detection engine, to detect and stop email fraud attack more effectively. With it, you can detect sophisticated supply chain fraud attacks that often lead to large financial losses. And you get training to help your users spot identify deception. You also gain brand protection in BEC scams with DMARC authentication. With this integrated platform, you get visibility across multiple threat vectors, including your supply chain, and automated threat detection and response.

How Proofpoint Effectively
Defends against Email Fraud

Gateway

  • Dynamically detect and block BEC variants
  • Identify various BEC tactics, such as the use of impersonated supplier domains and of compromised supplier accounts
  • Tag external email to alert recipients of the origin of the email
  • Analyze multiple email attributes, such as header, sender’s IP, reputation, and message body for urgency
  • Use Advanced BEC Defense, a machine learning-based detection engine that learns in real time and analyzes every detail of a message
  • Enforce email authentication, such as SPF, DMKIM, and DMARC

Authentication

  • Implement email authentication (DMARC) and enforce it on an internet-wide basis
  • Block all attempts to send unauthorized emails from your trusted domains
  • Dynamically report on lookalike domains across digital channels

Visibility

  • Identify your Very Attacked People™ (VAPs) to identify which users are being attacked with impostor threats
  • Provide granular BEC threat details, such as gift card, payroll redirect, invoicing, and lure
  • See which suppliers pose the highest risk to your organization
  • Uncover malicious lookalikes of your domains and of your suppliers’ domains
  • Reveal who’s sending emails using your domain, including trusted third-party senders

Education

  • Train users to spot and report on suspicious imposter threats
  • Safely assess user vulnerability to BEC threats with real-world examples
  • Provide tailored BEC training to your VAPs
  • Enable users to make more informed decisions on uncertain emails with an email warning tag

Automated Response

  • Quarantine or remove suspicious or unwanted messages with one click—or automatically
  • Automate abuse mailbox process
  • Enable users to report suspicious impostor messages directly from the warning tag

Demo

Protection against business email compromise

Proofpoint email analysis accurately identifies and blocks business email compromise using machine learning techniques and email authentication.

Watch the Demo