Business Email Compromise

Detect BEC attacks and social engineering with Egress Defend.

Request a demo Egress Defend

Business email compromise is the most common phishing threat

37%

of cybercrime losses reported to FBI caused by BEC threats

98%

of cyberattacks involve social engineering

$43bn

has been lost due to BEC attacks

Exploiting your trusted relationships

BEC threats are the hardest phishing attacks to detect. Threat actors impersonate or hijack a legitimate business email account that belongs to a trusted vendor, CEO, or another executive, using social engineering to trick their target into fraudulently transferring funds or divulging sensitive information.

The signature-based detection in Microsoft 365 native security and secure email gateways (SEGs) cannot detect BEC attacks at the rate modern enterprises need to prevent financial losses, data exfiltration, and reputational damage.

Stats V2 BEC
Solutions BEC 1

Egress Defend uses intelligent technology to detect BEC attacks

  • 1 Display name impersonation detection. This is difficult for users to spot, especially on mobile devices, and as the domain is real, it passes SPF checks.
  • 2 Homograph attack. The domain c0mpany.com is used to fool the user into thinking this BEC threat is a genuine email. However, the display name matches that used by an internal user. An internal user with an external domain is treated with suspicion by Egress Defend.
Solutions BEC 2

Natural language processing (NLP) enhances BEC detection

  • 3 Linguistic analysis. Egress Defend detects that the language used in this email includes credibility statements that incite a sense of urgency and try to deter the user from confirming legitimacy through other means.
  • 4 CEO impersonation. Using NLP, Defend detects that the attacker is posing as the CEO to appear as a trusted and important sender to try to increase the likelihood that the user will engage.
Har Telemetry Dark Cropped

CISO Strategy Guide: Quishing attacks in Microsoft 365

Download guide
Solutions BEC 3

Cut through the noise to highlight the risks that matter

Reporting on BEC threats and other phishing attacks can be manual and slow. Even worse, systems can throw too much unnecessary information at you, making it harder to make timely and effective decisions.

Egress Defend’s intelligence platform provides simplified dashboards and critical insights so that administrators can quickly cut through the noise, identify email security risks, and, where necessary, remediate them.

Solutions BEC 4

Actionable intelligence into BEC threats

Data and analytics should not overwhelm you with information. Augmented threat intelligence into attack types, payload, and supply chain health gives Security teams what they need to take decisive action that mitigate BEC threats.

Our real-time threat feed offers insights and statistics into email details, type of attack, threat levels, authentication checks, communication history, and how your people interacted with the email.

Learn more about how Egress Defend can prevent business email compromise

Request a personalized demo View Egress Defend

Greater Manchester Mental Health Trust detects BEC attacks in Microsoft 365 using Egress Defend

“We’re really pleased with Defend. We’re now detecting a broader range of advanced phishing threats, including BEC and impersonation attacks."

Kevin Orritt GMMH
Kevin Orritt Cyber Security Manager, GMMH
Read the full story

Related resources

CISO Guide Impersonation Attacks Web Imgs Related Lrg
CISO Strategy Guide

Detecting impersonation attacks in Microsoft 365
1964 HRS24 Web Imgs Related Lrg
Virtual event

Human Risk Summit 2024
Customer Story Web Imgs Shields Listing Pg Thumb
Customer story

Egress transforms email security at Shields Health Solutions
CISO Guide BEC Comp
CISO Strategy Guide

Business Email Compromise