Business Email Compromise

Stop email fraud, including advanced supplier invoicing attacks

Stop the full range of BEC email fraud tactics with multilayered security controls and user awareness training. Our integrated, end-to-end solution is the industry’s most effective defense against email fraud—no matter what form it takes. Is your organization prepared? Get your free assessment.

Supplier invoicing fraud could
be placing your business at risk

Attackers can use both impersonation and compromised accounts jointly in an attack. They can also go after your supply chain and partner ecosystem to launch email fraud attacks. That’s why you need a holistic solution that addresses all BEC tactics.

Business Email Compromise

Business email compromise (BEC) is sophisticated because there’s no malicious payload to detect. Attackers often pose as someone their victims trust and trick them into making fraudulent financial payments. These can include gift card scams, payment redirect, and supplier invoicing fraud. To stop these email fraud attacks, you need an integrated solution that:

  • Detects various BEC tactics and stops email fraud threats before they enter 
  • Analyzes multiple message attributes with true machine learning
  • Identifies email fraud from impersonated and compromised suppliers
  • Provides visibility into which users are most attacked and by what types of BEC scam
  • Trains end users to spot and report on suspicious BEC threats
  • Automates threat detection and response
  • Protects your brand in email fraud attacks by preventing fraudulent use of your domain


Business Email Compromise

Proofpoint is the only vendor that provides you with an end-to-end, integrated solution to combat business email compromise (BEC). We address various tactics used in email fraud attacks, such as use of impersonated supplier domains, reply-to pivots, domain spoofing, display name spoofing, and lookalike domains.

The integrated Proofpoint platform uses Advanced BEC Defense, our ML/AI-powered BEC detection engine, to detect and stop email fraud attack more effectively. With it, you can detect sophisticated supply chain fraud attacks that often lead to large financial losses. And you get training to help your users spot identify deception. You also gain brand protection in BEC scams with DMARC authentication. With this integrated platform, you get visibility across multiple threat vectors, including your supply chain, and automated threat detection and response.

How Proofpoint Effectively
Defends against Email Fraud


  • Dynamically detect and block business email compromise variants
  • Identify various BEC tactics, such as the use of impersonated supplier domains and of compromised supplier accounts
  • Tag external email to alert recipients of the origin of the email
  • Analyze multiple email attributes, such as header, sender’s IP, reputation, and message body for urgency
  • Use Advanced BEC Defense, a machine learning-based detection engine that learns in real time and analyzes every detail of a message
  • Enforce email authentication, such as SPF, DMKIM, and DMARC


  • Implement email authentication (DMARC) and enforce it on an internet-wide basis
  • Block all attempts to send unauthorized emails from your trusted domains
  • Dynamically report on lookalike domains across digital channels


  • Identify your Very Attacked People™ (VAPs) to identify which users are being attacked with impostor threats
  • Provide granular business email compromise (BEC) threat details, such as gift card, payroll redirect, invoicing, and lure
  • See which suppliers pose the highest risk to your organization
  • Uncover malicious lookalikes of your domains and of your suppliers’ domains
  • Reveal who’s sending emails using your domain, including trusted third-party senders


  • Train users to spot and report on suspicious imposter threats
  • Safely assess user vulnerability to BEC threats with real-world examples
  • Provide tailored BEC training to your VAPs
  • Enable users to make more informed decisions on uncertain emails with an email warning tag

Automated Response

  • Quarantine or remove suspicious or unwanted messages with one click—or automatically
  • Automate abuse mailbox process
  • Enable users to report suspicious impostor messages directly from the warning tag


Protection against business email compromise

Proofpoint email analysis accurately identifies and promotes business email compromise prevention using machine learning techniques and email authentication.

Watch the Demo

Ready to give Proofpoint a try?

Let us walk you through our BEC and EAC solutions and answer any questions you have about email security.