Bec business email compromise

One of the Fastest Growing, Costliest Threats Today

Business Email Compromise (BEC), also known as Imposter Email or CEO fraud, is an evolving threat designed to make victims believe they are transferring money or data to an external supplier, business executive, attorney or broker when they are in fact being swindled by cyber-criminals, who will often even follow up with an impersonator’s phone call to ensure transactions are seen through.

Phishing Protection

Business Email Compromise is a unique type of phishing email that is driven not by gaining credentials or using malicious links and malware to uncover information, but simple social engineering and misleading email tactics to divert funds or information from high-authority targets. With Vircom’s leading phishing protection and prevention, you’ll have peace of mind in knowing your employees will be protected from phishing emails and the variety of tactics they use.

Email Filters Key to Stopping BEC Fraud

New Business Email Compromise attempts often have a pattern where the email is from a local domain to a local domain, but with a non-local reply-to address. A good filter will spot these, particularly if it includes Domain-Based Message Authentication, Reporting & Conformance (DMARC) to prevent spoofed emails from reaching users. A great email filter will also include Advanced Threat Protection (ATP) that provides both signature-based detection (an important safeguard) while also catching irregular behavior and likely malicious emails.


DMARC authentication can serve to filter out many imposter emails, while publishing a policy can also increase this protection from “internal” imposters, while also ensuring that outbound email properly represent a company’s brand. Up to 75% of BEC attacks use reply-to spoofing and some other tactics that can be stymied by DMARC. Publishing a Sender Policy Framework (SPF), a requirement to publishing a DMARC policy, also helps reduce certain variants of email spoofing by ensuring that only valid domains are authorized to send emails on one’s behalf. With increased DMARC adoption, businesses can add even more capability in BEC prevention and reducing their vulnerability to other spoofed messages from both within and without their domains.

Business Email Compromise is a growing threat to businesses of all sizes that will cost billions of dollars in the years to come. Request a demo to discover more about what it takes to prevent BEC fraud from imposing costs on your business.