Supplier invoicing fraud could
be placing your business at risk
Attackers can use both impersonation and compromised accounts jointly in an attack. They can also go after your supply chain and partner ecosystem to launch email fraud attacks. That’s why you need a holistic solution that addresses all BEC tactics.
Business Email Compromise
Business email compromise (BEC) is sophisticated because there’s no malicious payload to detect. Attackers often pose as someone their victims trust and trick them into making fraudulent financial payments. These can include gift card scams, payment redirect, and supplier invoicing fraud. To stop these email fraud attacks, you need an integrated solution that:
- Detects various BEC tactics and stops email fraud threats before they enter
- Analyzes multiple message attributes with true machine learning
- Identifies email fraud from impersonated and compromised suppliers
- Provides visibility into which users are most attacked and by what types of BEC scam
- Trains end users to spot and report on suspicious BEC threats
- Automates threat detection and response
- Protects your brand in email fraud attacks by preventing fraudulent use of your domain
BEC
Business Email Compromise
Proofpoint is the only vendor that provides you with an end-to-end, integrated solution to combat business email compromise (BEC). We address various tactics used in email fraud attacks, such as use of impersonated supplier domains, reply-to pivots, domain spoofing, display name spoofing, and lookalike domains.
The integrated Proofpoint platform uses Advanced BEC Defense, our ML/AI-powered BEC detection engine, to detect and stop email fraud attack more effectively. With it, you can detect sophisticated supply chain fraud attacks that often lead to large financial losses. And you get training to help your users spot identify deception. You also gain brand protection in BEC scams with DMARC authentication. With this integrated platform, you get visibility across multiple threat vectors, including your supply chain, and automated threat detection and response.
How Proofpoint Effectively
Defends against Email Fraud
Gateway
- Dynamically detect and block business email compromise variants
- Identify various BEC tactics, such as the use of impersonated supplier domains and of compromised supplier accounts
- Tag external email to alert recipients of the origin of the email
- Analyze multiple email attributes, such as header, sender’s IP, reputation, and message body for urgency
- Use Advanced BEC Defense, a machine learning-based detection engine that learns in real time and analyzes every detail of a message
- Enforce email authentication, such as SPF, DMKIM, and DMARC
Authentication
- Implement email authentication (DMARC) and enforce it on an internet-wide basis
- Block all attempts to send unauthorized emails from your trusted domains
- Dynamically report on lookalike domains across digital channels
Visibility
- Identify your Very Attacked People™ (VAPs) to identify which users are being attacked with impostor threats
- Provide granular business email compromise (BEC) threat details, such as gift card, payroll redirect, invoicing, and lure
- See which suppliers pose the highest risk to your organization
- Uncover malicious lookalikes of your domains and of your suppliers’ domains
- Reveal who’s sending emails using your domain, including trusted third-party senders
Education
- Train users to spot and report on suspicious imposter threats
- Safely assess user vulnerability to BEC threats with real-world examples
- Provide tailored BEC training to your VAPs
- Enable users to make more informed decisions on uncertain emails with an email warning tag
Automated Response
- Quarantine or remove suspicious or unwanted messages with one click—or automatically
- Automate abuse mailbox process
- Enable users to report suspicious impostor messages directly from the warning tag
Demo
Protection against business email compromise
Proofpoint email analysis accurately identifies and promotes business email compromise prevention using machine learning techniques and email authentication.