CINXE.COM

What Is BEC? - Business Email Compromise Defined | Proofpoint US

<!DOCTYPE html> <html lang="en-us" dir="ltr" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# schema: http://schema.org/ sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema# " class="page-en"> <head> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-MGR7P8X');</script> <script async src="https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL"></script> <script>window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-B1V8SZE3GL');</script> <script>(function(){var a=window.mutiny=window.mutiny||{};if(!window.mutiny.client){a.client={_queue:{}};var b=["identify","trackConversion"];var c=[].concat(b,["defaultOptOut","optOut","optIn"]);var d=function factory(c){return function(){for(var d=arguments.length,e=new Array(d),f=0;f<d;f++){e[f]=arguments[f]}a.client._queue[c]=a.client._queue[c]||[];if(b.includes(c)){return new Promise(function(b,d){a.client._queue[c].push({args:e,resolve:b,reject:d})})}else{a.client._queue[c].push({args:e})}}};c.forEach(function(b){a.client[b]=d(b)})}})();</script> <script data-cfasync="false" src="https://client-registry.mutinycdn.com/personalize/client/d454424c4514a20a.js"></script> <meta charset="utf-8" /> <meta name="description" content="Learn about Business Email Compromise (BEC), how it works, and different types of threats. Proofpoint shares how to identify and protect against a BEC scam." /> <link rel="canonical" href="https://www.proofpoint.com/us/threat-reference/business-email-compromise" /> <link rel="shortlink" href="https://www.proofpoint.com/us/threat-reference/business-email-compromise" /> <link rel="image_src" href="https://www.proofpoint.com/sites/default/files/styles/metatag/public/2020-06/pfpt-us-bec-eac-general-banner.jpg?itok=vXSC4Q-H" /> <link rel="icon" href="/themes/custom/proofpoint/apps/drupal/favicon.ico" /> <link rel="mask-icon" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon.svg" /> <link rel="icon" sizes="16x16" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-16x16.png" /> <link rel="icon" sizes="32x32" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-32x32.png" /> <link rel="icon" sizes="96x96" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-96x96.png" /> <link rel="icon" sizes="192x192" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-192x192.png" /> <link rel="apple-touch-icon" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-60x60.png" /> <link rel="apple-touch-icon" sizes="72x72" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-72x72.png" /> <link rel="apple-touch-icon" sizes="76x76" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-76x76.png" /> <link rel="apple-touch-icon" sizes="114x114" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-114x114.png" /> <link rel="apple-touch-icon" sizes="120x120" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-120x120.png" /> <link rel="apple-touch-icon" sizes="144x144" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-144x144.png" /> <link rel="apple-touch-icon" sizes="152x152" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-152x152.png" /> <link rel="apple-touch-icon" sizes="180x180" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-180x180.png" /> <link rel="apple-touch-icon-precomposed" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-57x57.png" /> <link rel="apple-touch-icon-precomposed" sizes="72x72" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-72x72.png" /> <link rel="apple-touch-icon-precomposed" sizes="76x76" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-76x76.png" /> <link rel="apple-touch-icon-precomposed" sizes="114x114" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-114x114.png" /> <link rel="apple-touch-icon-precomposed" sizes="120x120" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-120x120.png" /> <link rel="apple-touch-icon-precomposed" sizes="144x144" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-144x144.png" /> <link rel="apple-touch-icon-precomposed" sizes="152x152" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-152x152.png" /> <link rel="apple-touch-icon-precomposed" sizes="180x180" href="/themes/custom/proofpoint/apps/drupal/images/favicons/favicon-180x180.png" /> <meta property="og:site_name" content="Proofpoint" /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://www.proofpoint.com/us/threat-reference/business-email-compromise" /> <meta property="og:title" content="What Is BEC? - Business Email Compromise Defined | Proofpoint US" /> <meta property="og:description" content="Learn about Business Email Compromise (BEC), how it works, and different types of threats. Proofpoint shares how to identify and protect against a BEC scam." /> <meta property="og:image" content="https://www.proofpoint.com/sites/default/files/styles/metatag/public/2020-06/pfpt-us-bec-eac-general-banner.jpg?itok=vXSC4Q-H" /> <meta property="og:image:url" content="https://www.proofpoint.com/sites/default/files/styles/metatag/public/2020-06/pfpt-us-bec-eac-general-banner.jpg?itok=vXSC4Q-H" /> <meta property="og:image:secure_url" content="https://www.proofpoint.com/sites/default/files/styles/metatag/public/2020-06/pfpt-us-bec-eac-general-banner.jpg?itok=vXSC4Q-H" /> <meta property="article:published_time" content="2021-01-24T23:57:14-08:00" /> <meta property="article:modified_time" content="2024-10-21T02:33:44-07:00" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:description" content="Learn about Business Email Compromise (BEC), how it works, and different types of threats. Proofpoint shares how to identify and protect against a BEC scam." /> <meta name="twitter:site" content="@proofpoint" /> <meta name="twitter:title" content="What Is BEC? - Business Email Compromise Defined | Proofpoint US" /> <meta name="twitter:url" content="https://www.proofpoint.com/us/threat-reference/business-email-compromise" /> <meta name="twitter:image" content="https://www.proofpoint.com/sites/default/files/styles/metatag/public/2020-06/pfpt-us-bec-eac-general-banner.jpg?itok=vXSC4Q-H" /> <link rel="alternate" hreflang="en-us" href="https://www.proofpoint.com/us/threat-reference/business-email-compromise" /> <link rel="alternate" hreflang="en-gb" href="https://www.proofpoint.com/uk/threat-reference/business-email-compromise" /> <link rel="alternate" hreflang="fr" href="https://www.proofpoint.com/fr/threat-reference/business-email-compromise" /> <link rel="alternate" hreflang="de" href="https://www.proofpoint.com/de/threat-reference/business-email-compromise" /> <link rel="alternate" hreflang="es" href="https://www.proofpoint.com/es/threat-reference/business-email-compromise" /> <link rel="alternate" hreflang="ja" href="https://www.proofpoint.com/jp/threat-reference/business-email-compromise" /> <link rel="alternate" hreflang="en-au" href="https://www.proofpoint.com/au/threat-reference/business-email-compromise" /> <link rel="alternate" hreflang="it" href="https://www.proofpoint.com/it/threat-reference/business-email-compromise" /> <script data-cfasync="false" type="text/javascript" id="vwoCode">window._vwo_code=window._vwo_code || (function() { var account_id=767242, version=1.3, settings_tolerance=2000, library_tolerance=2500,z use_existing_jquery=false, is_spa=1, hide_element='body', /* DO NOT EDIT BELOW THIS LINE */ f=false,d=document,code={use_existing_jquery:function(){return use_existing_jquery},library_tolerance:function(){return library_tolerance},finish:function(){if(!f){f=true;var e=d.getElementById('_vis_opt_path_hides');if(e)e.parentNode.removeChild(e)}},finished:function(){return f},load:function(e){var t=d.createElement('script');t.fetchPriority='high';t.src=e;t.type='text/javascript';t.innerText;t.onerror=function(){_vwo_code.finish()};d.getElementsByTagName('head')[0].appendChild(t)},init:function(){window.settings_timer=setTimeout(function(){_vwo_code.finish()},settings_tolerance);var e=d.createElement('style'),t=hide_element?hide_element+'{opacity:0 !important;filter:alpha(opacity=0) !important;background:none !important;}':'',i=d.getElementsByTagName('head')[0];e.setAttribute('id','_vis_opt_path_hides');e.setAttribute('nonce',document.querySelector('#vwoCode').nonce);e.setAttribute('type','text/css');if(e.styleSheet)e.styleSheet.cssText=t;else e.appendChild(d.createTextNode(t));i.appendChild(e);this.load('https://dev.visualwebsiteoptimizer.com/j.php?a='+account_id+'&u='+encodeURIComponent(d.URL)+'&f='+ +is_spa+'&vn='+version);return settings_timer}};window._vwo_settings_timer = code.init();return code;}());</script> <meta name="facebook-domain-verification" content="l349mr2tyecyl7w3a1146378lqxru1" /> <meta name="MobileOptimized" content="width" /> <meta name="HandheldFriendly" content="true" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="preload" href="/themes/custom/proofpoint/dist/app-drupal/assets/fonts/proofpoint.woff2" as="font" crossorigin="anonymous" /> <link rel="preload" href="/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Regular-webfont.woff" as="font" crossorigin="anonymous" /> <link rel="preload" href="/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff" as="font" crossorigin="anonymous" /> <link rel="preload" href="/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff2" as="font" crossorigin="anonymous" /> <link rel="preload" href="/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Bold-webfont.woff" as="font" crossorigin="anonymous" /> <link rel="alternate" hreflang="pt" href="https://www.proofpoint.com/br/threat-reference/business-email-compromise" /> <link rel="alternate" hreflang="ko" href="https://www.proofpoint.com/kr/threat-reference/business-email-compromise" /> <title>What Is BEC? - Business Email Compromise Defined | Proofpoint US</title> <link rel="stylesheet" media="all" href="/sites/default/files/css/css_WcSl7P-Ss7FG7eY1ij6nmORMS68V4waWnE3xuYAQtxU.css?delta=0&amp;language=en&amp;theme=particle&amp;include=eJx1kEtuwzAMRC9kRSi66W0CSmZsIRQpkFTQ3L5KUNTyoks-DjCf1q7l44sjAW8dNgwrOmYXXVq7VtA7usTaOe_3wi9mCJr32L2QvW7fsWJ0EUqgiz3NscYEhksD9ZIJYxbFSQqJIaXC26HYRDbCcBN2O-hNxFHD43MSkpiBPgPLenJgR_bQRgM98I6wnnySDpK11_S2gU2h7RZX7Q3ocpBL59YTFdtxnVwcQgLm2WIESkABaVQ7hbcGeUqYSLZgPVnWkib-h8JQ5PvxUDTpmtH-e4Qylj6w47eHLNQr21JxLRBvhcZ-lwzNi_C0qyIG1zJyN2CkeTCV34qn2V9DDsTw-AHoX9ex" /> <link rel="stylesheet" media="all" href="/sites/default/files/css/css_IcuYx47ssB-d3ODodVRAAf5EtR0Lkp8yZqVbJ_44M18.css?delta=1&amp;language=en&amp;theme=particle&amp;include=eJx1kEtuwzAMRC9kRSi66W0CSmZsIRQpkFTQ3L5KUNTyoks-DjCf1q7l44sjAW8dNgwrOmYXXVq7VtA7usTaOe_3wi9mCJr32L2QvW7fsWJ0EUqgiz3NscYEhksD9ZIJYxbFSQqJIaXC26HYRDbCcBN2O-hNxFHD43MSkpiBPgPLenJgR_bQRgM98I6wnnySDpK11_S2gU2h7RZX7Q3ocpBL59YTFdtxnVwcQgLm2WIESkABaVQ7hbcGeUqYSLZgPVnWkib-h8JQ5PvxUDTpmtH-e4Qylj6w47eHLNQr21JxLRBvhcZ-lwzNi_C0qyIG1zJyN2CkeTCV34qn2V9DDsTw-AHoX9ex" /> <script src="/sites/default/files/js/js_Wi8RdyzDF-uwGcwq9eMv1Giiu7RfMo7nYneG5kg6rd4.js?scope=header&amp;delta=0&amp;language=en&amp;theme=particle&amp;include=eJx1kEtuwzAMRC9kRSi66W0CSmZsIRQpkFTQ3L5KUNTyoks-DjCf1q7l44sjAW8dNgwrOmYXXVq7VtA7usTaOe_3wi9mCJr32L2QvW7fsWJ0EUqgiz3NscYEhksD9ZIJYxbFSQqJIaXC26HYRDbCcBN2O-hNxFHD43MSkpiBPgPLenJgR_bQRgM98I6wnnySDpK11_S2gU2h7RZX7Q3ocpBL59YTFdtxnVwcQgLm2WIESkABaVQ7hbcGeUqYSLZgPVnWkib-h8JQ5PvxUDTpmtH-e4Qylj6w47eHLNQr21JxLRBvhcZ-lwzNi_C0qyIG1zJyN2CkeTCV34qn2V9DDsTw-AHoX9ex"></script> </head> <body class="path-node"> <a href="#main-content" class="visually-hidden focusable"> Skip to main content </a> <div class="limit-width-wrapper"> <div class="dialog-off-canvas-main-canvas" data-off-canvas-main-canvas> <div class="header-nav__spacer"></div> <div class="header-nav js-is-top"> <div class="header-nav__extra"> <div class="header-nav__extra-wrap"> <div class="header-nav__top-language" data-open="content:x_lng"> <span>English (Americas)</span> </div> <div class="header-nav__actions"> <div class="header-nav__top-search" data-open="content:x_sch"> <span>Search</span> </div> <div class="header-nav__top-login" data-open="content:x_lgn"> <span>Login</span> </div> </div> </div> </div> <div class="header-nav__main"> <div class="header-nav__main-wrap"> <div class="header-nav__expand" data-open="home"></div> <ul class="header-nav__top-links"> <li class="header-nav__top-link"> <div data-open="content:platform_panel" class="header-nav__top-link-text"> Platform </div> </li> <li class="header-nav__top-link"> <div data-open="content:products_panel" class="header-nav__top-link-text"> Products </div> </li> <li class="header-nav__top-link"> <div data-open="content:solutions_panel" class="header-nav__top-link-text"> Solutions </div> </li> </ul> <a href="/us" class="header-nav__logo">Proofpoint</a> <div class="header-nav__buttons"> <a href=/us/contact class="global-elements__cta-button--outline header-nav__button" > <span>Contact</span> <div class="global-elements__cta-button--arrow-wrapper"></div> </a> </div> <div class="header-nav__mobile-actions"> <div class="header-nav__mobile-search" data-open="content:x_sch">Search</div> <div class="header-nav__mobile-menu" data-open="home"></div> </div> </div> </div> </div> <div class="header-nav__menu"> <div class="header-nav__menu-wrapper"> <div class="header-nav__menu-close"></div> <div class="header-nav__menu-pane" data-home={true}> <ul class="header-nav__home-links"> <li class="header-nav__home-link" data-open="content:platform_panel" ><span>Platform</span></li> <li class="header-nav__home-link" data-open="content:products_panel" ><span>Products</span></li> <li class="header-nav__home-link" data-open="content:solutions_panel" ><span>Solutions</span></li> <li class="header-nav__home-link" data-open="content:partners_panel" ><span>Partners</span></li> <li class="header-nav__home-link" data-open="content:resources_panel" ><span>Resources</span></li> <li class="header-nav__home-link" data-open="content:company_panel" ><span>Company</span></li> </ul> <div class="header-nav__menu-extras"> <div class="header-nav__menu-search" data-open="content:x_sch">Search</div> <div class="header-nav__menu-login" data-open="content:x_lgn">Login</div> <div class="header-nav__menu-language" data-open="content:x_lng">English (Americas)</div> </div> </div> <div class="header-nav__menu-pane" data-sublinks="Platform"> <div class="header-nav__sublinks"> <div class="header-nav__expand-title">Platform</div> <ul class="header-nav__expand-links"> </ul> </div> </div> <div class="header-nav__menu-pane" data-sublinks="Products"> <div class="header-nav__sublinks"> <div class="header-nav__expand-title">Products</div> <ul class="header-nav__expand-links"> </ul> </div> </div> <div class="header-nav__menu-pane" data-sublinks="Solutions"> <div class="header-nav__sublinks"> <div class="header-nav__expand-title">Solutions</div> <ul class="header-nav__expand-links"> </ul> </div> </div> <div class="header-nav__menu-pane" data-sublinks="Partners"> <div class="header-nav__sublinks"> <div class="header-nav__expand-title">Partners</div> <ul class="header-nav__expand-links"> </ul> </div> </div> <div class="header-nav__menu-pane" data-sublinks="Resources"> <div class="header-nav__sublinks"> <div class="header-nav__expand-title">Resources</div> <ul class="header-nav__expand-links"> </ul> </div> </div> <div class="header-nav__menu-pane" data-sublinks="Company"> <div class="header-nav__sublinks"> <div class="header-nav__expand-title">Company</div> <ul class="header-nav__expand-links"> </ul> </div> </div> <div class="header-nav__menu-pane" data-content="products_panel"> <div class="header-nav__content"> <a href="/us/products/protect-people" class="header-nav__content-link-group-anchor"> <div class="header-nav__content-link-group"> <div class="header-nav__content-group-title">Protect People</div> <div class="header-nav__content-group-desc">Multi-layered, adaptive defenses for threat detection, impersonation, and supplier risk.</div> </div> </a> <div class="header-nav__content-link"> <a href="/us/products/threat-defense" class="header-nav__content-link-text">Email Security</a> </div> <div class="header-nav__content-link"> <a href="/us/products/impersonation-protection" class="header-nav__content-link-text">Impersonation Protection</a> </div> <div class="header-nav__content-link"> <a href="#" class="header-nav__content-link-text" data-open="content:products_more_tp_products_panel">More products</a> </div> <a href="/us/products/defend-data" class="header-nav__content-link-group-anchor"> <div class="header-nav__content-link-group"> <div class="header-nav__content-group-title">Defend Data</div> <div class="header-nav__content-group-desc">Transform your information protection with a human-centric, omni-channel approach.</div> </div> </a> <div class="header-nav__content-link"> <a href="/us/products/data-loss-prevention" class="header-nav__content-link-text">Enterprise DLP</a> </div> <div class="header-nav__content-link"> <a href="/us/products/adaptive-email-dlp" class="header-nav__content-link-text">Adaptive Email DLP</a> </div> <div class="header-nav__content-link"> <a href="/us/products/insider-threat-management" class="header-nav__content-link-text">Insider Threat Management</a> </div> <div class="header-nav__content-link"> <a href="/us/products/compliance-and-archiving" class="header-nav__content-link-text">Intelligent Compliance</a> </div> <div class="header-nav__content-link-group"> <div class="header-nav__content-group-title">Mitigate Human Risk</div> <div class="header-nav__content-group-desc">Unlock full user risk visibility and drive behavior change.</div> </div> <div class="header-nav__content-link"> <a href="/us/products/mitigate-human-risk" class="header-nav__content-link-text">Security Awareness</a> </div> <div class="header-nav__content-link-group"> <div class="header-nav__content-group-title">Augment Your Capabilities</div> </div> <div class="header-nav__content-link"> <a href="/us/products/premium-services" class="header-nav__content-link-text">Managed Services</a> </div> <div class="header-nav__content-link"> <a href="/us/products/packages" class="header-nav__content-link-text">Product Packages</a> </div> <div class="header-nav__content-link-spacer"></div> </div> </div> <div class="header-nav__menu-pane" data-content="products_more_tp_products_panel"> <div class="header-nav__content"> <div class="header-nav__content-heading">More Protect People Products</div> <div class="header-nav__content-link"> <a href="/us/products/identity-protection" class="header-nav__content-link-text">Account Take-Over and Identity Protection</a> <div class="header-nav__content-link-desc">Secure vulnerable identities, stop lateral movement and privilege escalation.</div> </div> <div class="header-nav__content-link"> <a href="/us/products/adaptive-email-security" class="header-nav__content-link-text">Adaptive Email Security</a> <div class="header-nav__content-link-desc">Stop more threats with a fully integrated layer of behavioral AI.</div> </div> <div class="header-nav__content-link"> <a href="/us/products/email-security-and-protection/secure-email-relay" class="header-nav__content-link-text">Secure Email Relay</a> <div class="header-nav__content-link-desc">Secure your application email and accelerate DMARC implementation</div> </div> </div> </div> <div class="header-nav__menu-pane" data-content="solutions_panel"> <div class="header-nav__content"> <div class="header-nav__content-link-group"> <div class="header-nav__content-group-title">Solutions by Use Case</div> <div class="header-nav__content-group-desc">How Proofpoint protects your people and data.</div> </div> <div class="header-nav__content-link"> <a href="/us/solutions/email-authentication-with-dmarc" class="header-nav__content-link-text">Authenticate Your Email</a> <div class="header-nav__content-link-desc">Protect your email deliverability with DMARC.</div> </div> <div class="header-nav__content-link"> <a href="/us/solutions/combat-email-and-cloud-threats" class="header-nav__content-link-text">Combat Email and Cloud Threats</a> <div class="header-nav__content-link-desc">Protect your people from email and cloud threats with an intelligent and holistic approach.</div> </div> <div class="header-nav__content-link"> <a href="#" class="header-nav__content-link-text" data-open="content:solutions_by_use_case_panel">More use cases</a> </div> <div class="header-nav__content-link-group"> <div class="header-nav__content-group-title">Solutions by Industry</div> <div class="header-nav__content-group-desc">People-centric solutions for your organization.</div> </div> <div class="header-nav__content-link"> <a href="/us/solutions/federal" class="header-nav__content-link-text">Federal Government</a> <div class="header-nav__content-link-desc">Cybersecurity for federal government agencies.</div> </div> <div class="header-nav__content-link"> <a href="/us/solutions/state-and-local-government" class="header-nav__content-link-text">State and Local Government</a> <div class="header-nav__content-link-desc">Protecting the public sector, and the public from cyber threats.</div> </div> <div class="header-nav__content-link"> <a href="#" class="header-nav__content-link-text" data-open="content:solutions_by_industry_panel">More industries</a> </div> <a href="/us/compare" class="header-nav__content-link-group-anchor"> <div class="header-nav__content-link-group"> <div class="header-nav__content-group-title">Comparing Proofpoint</div> <div class="header-nav__content-group-desc">Evaluating cybersecurity vendors? Check out our side-by-side comparisons.</div> </div> </a> <div class="header-nav__content-link"> <a href="#" class="header-nav__content-link-text" data-open="content:compare_proofpoint_panel">View comparisons</a> </div> </div> </div> <div class="header-nav__menu-pane" data-content="solutions_by_use_case_panel"> <div class="header-nav__content"> <h3 class="header-nav__content-title">Solutions By Use Case</h3> <div class="header-nav__content-heading">How Proofpoint protects your people and data.</div> <div class="header-nav__content-link"> <a href="/us/solutions/change-user-behavior" class="header-nav__content-link-text">Change User Behavior</a> <div class="header-nav__content-link-desc">Help your employees identify, resist and report attacks before the damage is done.</div> </div> <div class="header-nav__content-link"> <a href="/us/solutions/combat-data-loss-and-insider-risk" class="header-nav__content-link-text">Combat Data Loss and Insider Risk</a> <div class="header-nav__content-link-desc">Prevent data loss via negligent, compromised and malicious insiders.</div> </div> <div class="header-nav__content-link"> <a href="/us/solutions/enable-intelligent-compliance" class="header-nav__content-link-text">Modernize Compliance and Archiving</a> <div class="header-nav__content-link-desc">Manage risk and data retention needs with a modern compliance and archiving solution.</div> </div> <div class="header-nav__content-link"> <a href="/us/solutions/protect-cloud-apps" class="header-nav__content-link-text">Protect Cloud Apps</a> <div class="header-nav__content-link-desc">Keep your people and their cloud apps secure by eliminating threats and data loss.</div> </div> <div class="header-nav__content-link"> <a href="/us/solutions/prevent-loss-from-ransomware" class="header-nav__content-link-text">Prevent Loss from Ransomware</a> <div class="header-nav__content-link-desc">Learn about this growing threat and stop attacks by securing ransomware&#039;s top vector: email.</div> </div> <div class="header-nav__content-link"> <a href="/us/solutions/secure-microsoft-365" class="header-nav__content-link-text">Secure Microsoft 365</a> <div class="header-nav__content-link-desc">Implement the best security and compliance solution for Microsoft 365.</div> </div> </div> </div> <div class="header-nav__menu-pane" data-content="solutions_by_industry_panel"> <div class="header-nav__content"> <h3 class="header-nav__content-title">Solutions By Industry</h3> <div class="header-nav__content-heading">People-centric solutions for your organization.</div> <div class="header-nav__content-link"> <a href="/us/solutions/higher-education-security" class="header-nav__content-link-text">Higher Education</a> <div class="header-nav__content-link-desc">A higher level of security for higher education.</div> </div> <div class="header-nav__content-link"> <a href="/us/solutions/financial-services-and-insurance" class="header-nav__content-link-text">Financial Services</a> <div class="header-nav__content-link-desc">Eliminate threats, build trust and foster growth for your organization.</div> </div> <div class="header-nav__content-link"> <a href="/us/solutions/healthcare-information-security" class="header-nav__content-link-text">Healthcare</a> <div class="header-nav__content-link-desc">Protect clinicians, patient data, and your intellectual property against advanced threats.</div> </div> <div class="header-nav__content-link"> <a href="/us/solutions/mobile-message-security-solutions-for-service-providers" class="header-nav__content-link-text">Mobile Operators</a> <div class="header-nav__content-link-desc">Make your messaging environment a secure environment.</div> </div> <div class="header-nav__content-link"> <a href="/us/solutions/email-security-solutions-for-service-providers" class="header-nav__content-link-text">Internet Service Providers</a> <div class="header-nav__content-link-desc">Cloudmark email protection.</div> </div> <div class="header-nav__content-link"> <a href="/us/solutions/protection-compliance-small-business" class="header-nav__content-link-text">Small and Medium Businesses</a> <div class="header-nav__content-link-desc">Big-time security for small business.</div> </div> </div> </div> <div class="header-nav__menu-pane" data-content="compare_proofpoint_panel"> <div class="header-nav__content"> <h3 class="header-nav__content-title">Proofpoint vs. the competition</h3> <div class="header-nav__content-heading">Side-by-side comparisons.</div> <div class="header-nav__content-link"> <a href="/us/compare/proofpoint-vs-abnormal-security" class="header-nav__content-link-text">Proofpoint vs. Abnormal Security</a> </div> <div class="header-nav__content-link"> <a href="/us/compare/proofpoint-vs-mimecast" class="header-nav__content-link-text">Proofpoint vs. Mimecast</a> </div> <div class="header-nav__content-link"> <a href="/us/compare/proofpoint-vs-cisco" class="header-nav__content-link-text">Proofpoint vs. Cisco</a> </div> <div class="header-nav__content-link"> <a href="/us/compare/proofpoint-vs-microsoft" class="header-nav__content-link-text">Proofpoint vs Microsoft</a> </div> <div class="header-nav__content-link"> <a href="/us/compare/proofpoint-vs-microsoft-purview" class="header-nav__content-link-text">Proofpoint vs. Microsoft Purview</a> </div> <div class="header-nav__content-link"> <a href="/us/compare/proofpoint-vs-legacy-dlp" class="header-nav__content-link-text">Proofpoint vs. Legacy DLP</a> </div> </div> </div> <div class="header-nav__menu-pane" data-content="partners_panel"> <div class="header-nav__content"> <h3 class="header-nav__content-title">Partners</h3> <div class="header-nav__content-heading">Deliver Proofpoint solutions to your customers.</div> <a href=https://partners.proofpoint.com class="global-elements__cta-button header-nav__content-button" > <span>Channel Partners</span> <div class="global-elements__cta-button--arrow-wrapper"></div> </a> <div class="header-nav__content-link"> <a href="/us/partners/trusted-data-solutions-partnership" class="header-nav__content-link-text">Archive Extraction Partners</a> <div class="header-nav__content-link-desc">Learn about Extraction Partners.</div> </div> <div class="header-nav__content-link"> <a href="/us/global-system-integrator-gsi-and-global-managed-service-provider-msp-partners" class="header-nav__content-link-text">GSI and MSP Partners</a> <div class="header-nav__content-link-desc">Learn about our global consulting.</div> </div> <div class="header-nav__content-link"> <a href="/us/partners/technology-alliance-partners" class="header-nav__content-link-text">Technology and Alliance Partners</a> <div class="header-nav__content-link-desc">Learn about our relationships.</div> </div> <div class="header-nav__content-link"> <a href="/us/partners/digital-risk-and-compliance-partners" class="header-nav__content-link-text">Social Media Protection Partners</a> <div class="header-nav__content-link-desc">Learn about the technology and....</div> </div> <div class="header-nav__content-link"> <a href="/us/channel-partners-small-and-medium-business" class="header-nav__content-link-text">Proofpoint Essentials Partner Programs</a> <div class="header-nav__content-link-desc">Small Business Solutions .</div> </div> <div class="header-nav__content-link"> <a href="https://partners.proofpoint.com/prm/English/s/applicant" class="header-nav__content-link-text">Become a Channel Partner</a> </div> </div> </div> <div class="header-nav__menu-pane" data-content="resources_panel"> <div class="header-nav__content"> <h3 class="header-nav__content-title">Resources</h3> <div class="header-nav__content-heading">Find reports, webinars, blogs, events, podcasts and more.</div> <a href=/us/resources class="global-elements__cta-button header-nav__content-button" > <span>Resource Library</span> <div class="global-elements__cta-button--arrow-wrapper"></div> </a> <div class="header-nav__content-link"> <a href="/us/blog" class="header-nav__content-link-text">Blog</a> <div class="header-nav__content-link-desc">Keep up with the latest news and happenings.</div> </div> <div class="header-nav__content-link"> <a href="/us/webinars" class="header-nav__content-link-text">Webinars</a> <div class="header-nav__content-link-desc">Browse our webinar library to learn about the latest threats, trends and issues in cybersecurity.</div> </div> <div class="header-nav__content-link"> <a href="/us/cybersecurity-academy" class="header-nav__content-link-text">Cybersecurity Academy</a> <div class="header-nav__content-link-desc">Earn your certification to become a Proofpoint Certified Guardian.</div> </div> <div class="header-nav__content-link"> <a href="/us/podcasts" class="header-nav__content-link-text">Podcasts</a> <div class="header-nav__content-link-desc">Learn about the human side of cybersecurity.</div> </div> <div class="header-nav__content-link"> <a href="/us/new-perimeters" class="header-nav__content-link-text">New Perimeters Magazine</a> <div class="header-nav__content-link-desc">Get the latest cybersecurity insights in your hands.</div> </div> <div class="header-nav__content-link"> <a href="/us/threat-reference" class="header-nav__content-link-text">Threat Glossary</a> <div class="header-nav__content-link-desc">Learn about the latest security threats.</div> </div> <div class="header-nav__content-link"> <a href="/us/events" class="header-nav__content-link-text">Events</a> <div class="header-nav__content-link-desc">Connect with us at events to learn how to protect your people and data from ever-evolving threats.</div> </div> <div class="header-nav__content-link"> <a href="/us/customer-stories" class="header-nav__content-link-text">Customer Stories</a> <div class="header-nav__content-link-desc">Read how our customers solve their most pressing cybersecurity challenges.</div> </div> </div> </div> <div class="header-nav__menu-pane" data-content="company_panel"> <div class="header-nav__content"> <h3 class="header-nav__content-title">Company</h3> <div class="header-nav__content-heading">Proofpoint protects organizations' greatest assets and biggest risks: their people.</div> <a href=/us/company/about class="global-elements__cta-button header-nav__content-button" > <span>About Proofpoint</span> <div class="global-elements__cta-button--arrow-wrapper"></div> </a> <div class="header-nav__content-link"> <a href="/us/why-proofpoint" class="header-nav__content-link-text">Why Proofpoint</a> <div class="header-nav__content-link-desc">Learn about our unique people-centric approach to protection.</div> </div> <div class="header-nav__content-link"> <a href="/us/company/careers" class="header-nav__content-link-text">Careers</a> <div class="header-nav__content-link-desc">Stand out and make a difference at one of the world&#039;s leading cybersecurity companies.</div> </div> <div class="header-nav__content-link"> <a href="/us/newsroom" class="header-nav__content-link-text">News Center</a> <div class="header-nav__content-link-desc">Read the latest press releases, news stories and media highlights about Proofpoint.</div> </div> <div class="header-nav__content-link"> <a href="/us/legal/trust" class="header-nav__content-link-text">Privacy and Trust</a> <div class="header-nav__content-link-desc">Learn about how we handle data and make commitments to privacy and other regulations.</div> </div> <div class="header-nav__content-link"> <a href="/us/legal/esg" class="header-nav__content-link-text">Environmental, Social, and Governance</a> <div class="header-nav__content-link-desc">Learn how we apply our principles to positively impact our community.</div> </div> <div class="header-nav__content-link"> <a href="/us/support-services" class="header-nav__content-link-text">Support</a> <div class="header-nav__content-link-desc">Access the full range of Proofpoint support services.</div> </div> </div> </div> <div class="header-nav__menu-pane" data-content="platform_panel"> <div class="header-nav__content"> <h3 class="header-nav__content-title">Platform</h3> <div class="header-nav__content-heading">Discover the Proofpoint human-centric platform.</div> <a href=/us/platform class="global-elements__cta-button header-nav__content-button" > <span>Learn More</span> <div class="global-elements__cta-button--arrow-wrapper"></div> </a> <div class="header-nav__content-link"> <a href="/us/platform/nexus" class="header-nav__content-link-text">Proofpoint Nexus</a> <div class="header-nav__content-link-desc">Detection technologies to protect people and defend data.</div> </div> <div class="header-nav__content-link"> <a href="/us/platform/zen" class="header-nav__content-link-text">Proofpoint Zen</a> <div class="header-nav__content-link-desc">Protect and engage users wherever they work.</div> </div> </div> </div> <div class="header-nav__menu-pane" data-content="x_sch"> <div class="header-nav__content"> <div class="header-nav__content-title--search"> Search Proofpoint </div> <div class="header-nav__search"> <form class="header-nav__search-form"> <input type="text" class="header-nav__search-input" placeholder=""> <input type="submit" class="header-nav__search-button" val="Search"> </form> <div class="header-nav__search-sugg-title">Try searching for</div> <div class="header-nav__search-suggestions"> <a href="/us/search?content%5Bquery%5D=Email%20Security" class="header-nav__search-suggestion">Email Security</a> <a href="/us/search?content%5Bquery%5D=Phishing" class="header-nav__search-suggestion">Phishing</a> <a href="/us/search?content%5Bquery%5D=DLP" class="header-nav__search-suggestion">DLP</a> <a href="/us/search?content%5Bquery%5D=Email%20Fraud" class="header-nav__search-suggestion">Email Fraud</a> </div> </div> </div> </div> <div class="header-nav__menu-pane" data-content="x_lgn"> <div class="header-nav__content"> <div class="header-nav__content-title"> Select Product Login </div> <ul class="header-nav__logins"> <li class="header-nav__content-login"> <a href="https://proofpoint.my.site.com/community/s/" target="_blank">Support Log-in</a> </li> <li class="header-nav__content-login"> <a href="https://proofpointcybersecurityacademy.adobelearningmanager.com" target="_blank">Proofpoint Cybersecurity Academy</a> </li> <li class="header-nav__content-login"> <a href="https://digitalrisk.proofpoint.com/" target="_blank">Digital Risk Portal</a> </li> <li class="header-nav__content-login"> <a href="https://emaildefense.proofpoint.com/login.php" target="_blank">Email Fraud Defense</a> </li> <li class="header-nav__content-login"> <a href="https://threatintel.proofpoint.com/" target="_blank">ET Intelligence</a> </li> <li class="header-nav__content-login"> <a href="https://us1.proofpointessentials.com/app/login.php" target="_blank">Proofpoint Essentials</a> </li> <li class="header-nav__content-login"> <a href="https://proofpointcommunities.force.com/community" target="_blank">Sendmail Support Log-in</a> </li> </ul> </div> </div> <div class="header-nav__menu-pane" data-content="x_lng"> <div class="header-nav__content"> <div class="header-nav__content-title"> Select Language </div> <ul class="header-nav__language-links"> <li class="header-nav__language-link"> <a href="/us">English (Americas)</a> </li> <li class="header-nav__language-link"> <a href="/uk">English (Europe, Middle East, Africa)</a> </li> <li class="header-nav__language-link"> <a href="/au">English (Asia-Pacific)</a> </li> <li class="header-nav__language-link"> <a href="/es">Español</a> </li> <li class="header-nav__language-link"> <a href="/de">Deutsch</a> </li> <li class="header-nav__language-link"> <a href="/fr">Français</a> </li> <li class="header-nav__language-link"> <a href="/it">Italiano</a> </li> <li class="header-nav__language-link"> <a href="/br">Português</a> </li> <li class="header-nav__language-link"> <a href="/jp">日本語</a> </li> <li class="header-nav__language-link"> <a href="/kr">한국어</a> </li> </ul> </div> </div> </div> </div> <div class="layout-container"> <div> <div data-drupal-messages-fallback class="hidden"></div> </div> <main class="container" role="main"> <a id="main-content" tabindex="-1"></a> <section class="row"> <div class="layout-content"> <div> <div id="block-particle-content"> <article about="/us/threat-reference/business-email-compromise" class="node--type--glossary node--view-mode--full node node-glossary-full"> <script type="application/ld+json"> { "@context": "https://schema.org/", "@type": "DefinedTerm", "name": "Business Email Compromise (BEC)", "description": "What Is BEC? Types of Business Email Compromise How Do BEC Attacks Work? How Do I Protect Against BEC Exploits? Protect Against BEC Attacks Learn More About BEC and EAC Threats", "url": "https://www.proofpoint.com/us/threat-reference/business-email-compromise", "inDefinedTermSet": "https://www.proofpoint.com/us/threat-reference" } </script> <div class="glossary-content__breadcrumbs"> <div class="breadcrumbs"><div class="nav-crumbs"><div class="breadcrumb__item"><a href="/us/threat-reference" class="breadcrum__item-link">Glossary</a></div><div class="breadcrumb__item"> Business Email Compromise (BEC) </div></div></div> </div> <div class="glossary-content__hero"> <div class="paragraph paragraph--type--hero-banner-v3 paragraph--view-mode--default hero-banner-v3" style="background-image: url(&quot;/sites/default/files/styles/webp_conversion/public/general-banners/pfpt-placeholder-banner-2022.png.webp?itok=E050rqaL&quot;)"> <div class="hero-banner-v3__wrapper hero-banner-v3__wrapper-default"> <h1 class="hero-banner-v3__title"> Business Email Compromise (BEC) </h1> <a href=/us/resources/data-sheets/email-protection class="global-elements__cta-button--white" target="" > <span>Get the Proofpoint Email Protection Data Sheet</span> <div class="global-elements__cta-button--arrow-wrapper"></div> </a> <a href=/us/resources/e-books/business-email-compromise-handbook class="global-elements__cta-button" target="" > <span>Download the BEC Handbook</span> <div class="global-elements__cta-button--arrow-wrapper"></div> </a> </div> </div> </div> <div class="glossary-content"> <h3 class="glossary-content__headline"> Table of Contents </h3> <div class="node-full__body glossary-content__body"> <ul> <li><a href="#toc-1">What Is BEC?</a></li> <li><a href="#toc-2">Types of Business Email Compromise</a></li> <li><a href="#toc-3">How Do BEC Attacks Work?</a></li> <li><a href="#toc-4">How Do I Protect Against BEC Exploits?</a></li> <li><a href="#toc-5">Protect Against BEC Attacks</a></li> <li><a href="#toc-6">Learn More About BEC and EAC Threats</a></li> </ul> </div> </div> <div class="glossary__components"> <div class="paragraph paragraph--type--space paragraph--view-mode--full space"> <div class="space__wrapper"> <div class="space__item space__sm"> </div> </div> </div> <span data-smooth-scroll="true" class="anchor_link" id="toc-1"></span> <div class="paragraph paragraph--type--text-columns paragraph--view-mode--full text-cols"> <div class="block-text-cols__cols block-text-cols__cols-1"> <div class="paragraph paragraph--type--text-column paragraph--view-mode--default block-text-cols__cols__item"> <h3 class="block-text-cols__title">What Is BEC?</h3> <div class="block-text-cols__body"> <p>Business email compromise (BEC) is a type of email <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="9d13fa57-de2c-4a74-a4a7-5797b49b9852" href="/us/threat-reference/information-seeking-scams" title="Information Seeking Scams">information-seeking scam</a> in which an attacker targets a business to defraud the company. Business email compromise is a large and growing problem that targets organizations of all sizes across every industry around the world. BEC scams have exposed organizations to billions of dollars in potential losses.</p> <p><a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="afa7ca30-3eec-42b7-83d1-f921f80b446e" href="/us/threat-reference/email-account-compromise" title="Email Account Compromise (EAC)">Email account compromise</a> (EAC), or <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="9f63b3f1-1989-492f-85fc-d524ea8b194d" href="/us/threat-reference/account-takeover-fraud" title="Account Takeover Fraud">email account takeover</a>, is a related threat that is accelerating in an era of cloud-based infrastructure. EAC is often associated with BEC because <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="25dae3ba-b983-4d12-ba25-430ad1ec71d7" href="/us/threat-reference/compromised-account" title="Compromised Account">compromised accounts</a> are used in a growing number of BEC-like scams (though EAC is also the basis of other kinds of cyber attacks).</p> <p>BEC and EAC are difficult to detect and prevent, especially with legacy tools, point products and native cloud platform defenses.</p> <p>&nbsp;</p> <p><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen frameborder="0" height="315" src="https://www.youtube.com/embed/GoQHsMnQJ9c" title="YouTube video player" width="560"></iframe></p> </div> </div> </div> </div> <div class="paragraph paragraph--type--space paragraph--view-mode--full space"> <div class="space__wrapper"> <div class="space__item space__md"> </div> </div> </div> <div class="paragraph paragraph--type--free-trial-panel paragraph--view-mode--full free-trial-panel free-trial-panel--black v3-dark-bg-only free-trial-panel--no-img"> <div class="free-trial-panel__wrapper"> <div class="free-trial-panel__content"> <div class="free-trial-panel__heading"> <h3>Cybersecurity Education and Training Begins Here</h3> </div> <a href=# class="global-elements__cta-button--white free-trial-panel__action-btn" > <span>Start a Free Trial</span> <div class="global-elements__cta-button--arrow-wrapper"></div> </a> </div> </div> <div class="free-trial-panel-form"> <div class="paragraph paragraph--type--marketo-form paragraph--view-mode--default marketo-form UNCONVERTED"> <div class="marketo-form__content"> <h2>Here’s how your free trial works:</h2> <ul> <li>Meet with our cybersecurity experts to assess your environment and identify your threat risk exposure</li> <li>Within 24 hours and minimal configuration, we'll deploy our solutions for 30 days</li> <li>Experience our&nbsp;technology in action!</li> <li>Receive report outlining your security vulnerabilities to help you take immediate action against cybersecurity attacks</li> </ul> <p>Fill out this form to request a meeting with our cybersecurity experts.</p> </div> <div class="marketo-form__form-container"> <div class="mk-form"> <div class="mk-form__form-container"> <script type="IN/Form2" data-data-form="mktoForm_3331" data-field-firstname="FirstName" data-field-lastname="LastName" data-field-email="Email" data-field-company="Company" data-field-title="Title" data-field-state="State" data-field-country="Country" ></script> <form id="mktoForm_3331" data-mkto-id="3331" data-mkto-base="//app-abj.marketo.com" data-munchkin-id="309-RHV-619" data-submit-text="" data-redirect-link="" data-prefill="" data-event-label="" data-lang-code="us" data-validate-email="1" class="mk-form__form marketo-form-block__form" ></form> </div> </div> <div class="mk-form__success"> <p>Thank you for your submission.</p> </div> </div> </div> </div> </div> <div class="paragraph paragraph--type--space paragraph--view-mode--full space"> <div class="space__wrapper"> <div class="space__item space__lg"> </div> </div> </div> <span data-smooth-scroll="true" class="anchor_link" id="toc-2"></span> <div class="paragraph paragraph--type--text-columns paragraph--view-mode--full text-cols"> <div class="block-text-cols__cols block-text-cols__cols-1"> <div class="paragraph paragraph--type--text-column paragraph--view-mode--default block-text-cols__cols__item"> <h3 class="block-text-cols__title">Types of Business Email Compromise</h3> <div class="block-text-cols__body"> <p>The FBI defines 5 major types of BEC scams:</p> <ul> <li><strong>CEO Fraud:</strong> Here the attackers position themselves as the CEO or executive of a company and typically email an individual within the finance department, requesting funds to be transferred to an account controlled by the attacker.</li> <li><strong>Account Compromise:</strong> An employee’s email account is hacked and is used to request payments to vendors. Payments are then sent to fraudulent bank accounts owned by the attacker.</li> <li><strong>False Invoice Scheme:</strong> Attackers commonly target foreign suppliers through this tactic. The scammer acts as if they are the supplier and request fund transfers to fraudulent accounts.</li> <li><strong>Attorney Impersonation:</strong> This is when an attacker impersonates a lawyer or legal representative. Lower level employees are commonly targeted through these types of attacks where one wouldn’t have the knowledge to question the validity of the request.</li> <li><strong><a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="e939cb11-b7ad-40a6-b722-d16e902ff6af" href="/us/threat-reference/data-theft" title="Data Theft">Data Theft</a>:</strong> These types of attacks typically target HR employees in an attempt to obtain personal or sensitive information about individuals within the company such as CEOs and executives. This data can then be leveraged for future attacks such as <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="8351fbfa-c1fb-4749-a8ca-4b0850151f1d" href="/us/threat-reference/ceo-fraud" title="CEO Fraud">CEO Fraud</a>.</li> </ul> </div> </div> </div> </div> <div class="paragraph paragraph--type--space paragraph--view-mode--full space"> <div class="space__wrapper"> <div class="space__item space__md"> </div> </div> </div> <span data-smooth-scroll="true" class="anchor_link" id="toc-3"></span> <div class="paragraph paragraph--type--text-columns paragraph--view-mode--full text-cols"> <div class="block-text-cols__cols block-text-cols__cols-1"> <div class="paragraph paragraph--type--text-column paragraph--view-mode--default block-text-cols__cols__item"> <h3 class="block-text-cols__title">How Do BEC Attacks Work?</h3> <div class="block-text-cols__body"> <p>In a BEC scam, the attacker poses as someone the recipient should trust—typically a colleague, boss or vendor. The sender asks the recipient to make a wire transfer, divert payroll, change banking details for future payments and so on.</p> <p>BEC attacks are difficult to detect because they don’t use malware or malicious URLs that can be analyzed with standard cyber defenses. Instead, BEC attacks rely instead on impersonation and other <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="4d1cd792-cfe7-4903-8091-18e49f4e61c3" href="/us/threat-reference/social-engineering" title="Social Engineering">social engineering</a> techniques to trick people interacting on the attacker’s behalf.</p> <p>Because of their targeted nature and use of social engineering, manually investigating and remediating these attacks is difficult and time consuming.</p> <p>BEC scams use a variety of <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="7efea6e9-d172-42f3-8eb3-ff2886a123a6" href="/us/threat-reference/impersonation-attack" title="Email Impersonation Attacks">impersonation techniques</a>, such as domain spoofing and lookalike domains. These attacks are effective because domain misuse is a complex problem. Stopping <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="5bf457e7-0b2a-40e0-9bd4-8e266b1fefcf" href="/us/threat-reference/domain-spoofing" title="Domain Spoofing">domain spoofing</a> is hard enough—anticipating every potential lookalike domain is even harder. And that difficulty only multiplies with every domain of an outside partner that could be used in a BEC attack to exploit users’ trust.</p> <p>In EAC, the attacker gains control of a legitimate email account, allowing them to launch similar BEC-style. But in these cases, the attacker isn’t just trying to pose as someone—for all practical purposes, the attacker <em>is</em> that person.</p> <p>Because BEC and EAC focus on human frailty rather than technical vulnerabilities, they require a people-centric defense that can prevent, detect, and respond to a wide range of BEC and EAC techniques.</p> <p>&nbsp;</p> <article> <img src="/sites/default/files/styles/webp_conversion/public/users_content/284/bec_example-1.jpg.webp?itok=CfEaqJtY" width="444" height="405" loading="lazy" typeof="foaf:Image"> </article> <p>&nbsp;</p> <h4>PHASE 1 – Email List Targeting</h4> <p>The attackers begin by building a targeted list of emails. Common tactics include mining LinkedIn profiles, sifting through business email databases, or even going through various websites in search of contact information.</p> <h4>PHASE 2 – Launch Attack</h4> <p>Attackers begin rolling out their BEC attacks by sending out mass emails. It’s difficult to identify malicious intent at this stage since attackers will utilize tactics such as spoofing, look-alike domains, and fake email names.</p> <h4>PHASE 3 – Social Engineering</h4> <p>At this stage attackers will impersonate individuals within a company such as CEOs or other individuals within finance departments. It’s common to see emails that request urgent responses.</p> <h4>PHASE 4 – Financial Gain</h4> <p>If attackers can successfully build trust with an individual, this is typically the phase where financial gain or data breach is made.</p> </div> </div> </div> </div> <div class="paragraph paragraph--type--space paragraph--view-mode--full space"> <div class="space__wrapper"> <div class="space__item space__md"> </div> </div> </div> <span data-smooth-scroll="true" class="anchor_link" id="toc-4"></span> <div class="paragraph paragraph--type--text-columns paragraph--view-mode--full text-cols"> <div class="block-text-cols__cols block-text-cols__cols-1"> <div class="paragraph paragraph--type--text-column paragraph--view-mode--default block-text-cols__cols__item"> <h3 class="block-text-cols__title">How Do I Protect Against BEC Exploits?</h3> <div class="block-text-cols__body"> <p>BEC and EAC are complex problems that require multi-layered defenses. Effectively stopping these exploits means:</p> <ul> <li>Stopping the wide range of BEC/EAC tactics.</li> <li>Getting visibility into malicious activities and user behavior—both within your environment and in the cloud.</li> <li>Automating detection and threat response.</li> </ul> <p>An effective BEC/EAC defense secures all of the channels that attackers exploit. These include corporate email, personal webmail, business partners’ email, cloud apps, your web domain, the web and users’ own behavior.</p> <p>Because BEC and EAC rely on a willing (though unwitting) victim, attack visibility, email protection and user awareness all play key roles in an effective defense.</p> <p>Train your users to look for these signs that the email may not be what it seems:</p> <ul> <li><strong>High-level executives asking for unusual information:</strong> How many CEOs actually want to review W2 and tax information for individual employees? While most of us will naturally respond promptly to an email from the C-suite, it's worth pausing to consider whether the email request makes sense. A CFO might ask for aggregated compensation data or a special report, but individual employee data is less likely.</li> <li><strong>Requests to not communicate with others:</strong> Impostor emails often ask the recipient to keep the request confidential or only communicate with the sender via email.</li> <li><strong>Requests that bypass normal channels:</strong> Most organizations have accounting systems through which bills and payments must be processed, no matter how urgent the request. When these channels are bypassed by an email directly from an executive requesting, for example, that an urgent wire transfer be completed ASAP, the recipient should be suspicious.</li> <li><strong>Language issues and unusual date formats:</strong> Some lure emails have flawless grammar, and some CEOs write emails in broken English. But the presence of European date formats (day month year) or sentence construction that suggests an email was written by a non-native speaker are common in many of these attacks.</li> <li><strong>Email domains and “Reply To” addresses that do not match sender’s addresses:</strong> Business Email Compromise emails often user spoofed and lookalike sender addresses that are easy to miss if the recipient isn’t paying attention. (yourc0mpany.com instead of yourcompany.com, for example).</li> </ul> <p>Robust email security, domain authentication, account protection, content inspection and user awareness must work together in a holistic fashion.</p> </div> </div> </div> </div> <div class="paragraph paragraph--type--space paragraph--view-mode--full space"> <div class="space__wrapper"> <div class="space__item space__md"> </div> </div> </div> <span data-smooth-scroll="true" class="anchor_link" id="toc-5"></span> <div class="paragraph paragraph--type--text-columns paragraph--view-mode--full text-cols"> <div class="block-text-cols__cols block-text-cols__cols-1"> <div class="paragraph paragraph--type--text-column paragraph--view-mode--default block-text-cols__cols__item"> <h3 class="block-text-cols__title">Protect Against BEC Attacks</h3> <div class="block-text-cols__body"> <p>Here are a few tips to <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="d2dcea05-2366-4fcc-95d9-b9ac277828f0" href="/us/solutions/bec-and-eac-protection" title="Business Email Compromise">protect against BEC and EAC</a> scams and keep organizations safe in the face of these increasingly common attacks:</p> <ul> <li><strong>Be suspicious.</strong> Asking for clarification, forwarding an email to IT, or checking with a colleague is better than wiring hundreds of thousands of dollars to a fake company in China.</li> <li><strong>If something doesn't feel right, it probably isn't.</strong> Encourage employees to trust their instincts and ask “Would my CEO actually tell me to do this?” or “Why isn't this supplier submitting an invoice through our portal?”</li> <li><strong>Slow down.</strong> Attackers often time their campaigns around our busiest periods of the day for good reason. If a human resources manager is quickly going through emails, she is less likely to pause and consider whether a particular request is suspect.</li> </ul> <p>&nbsp;</p> <p><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen frameborder="0" height="315" src="https://www.youtube.com/embed/9xu-akozOc0" width="560"></iframe></p> </div> </div> </div> </div> <div class="paragraph paragraph--type--space paragraph--view-mode--full space"> <div class="space__wrapper"> <div class="space__item space__md"> </div> </div> </div> <span data-smooth-scroll="true" class="anchor_link" id="toc-6"></span> <div class="paragraph paragraph--type--text-columns paragraph--view-mode--full text-cols"> <div class="block-text-cols__cols block-text-cols__cols-1"> <div class="paragraph paragraph--type--text-column paragraph--view-mode--default block-text-cols__cols__item"> <h3 class="block-text-cols__title">Learn More About BEC and EAC Threats</h3> <div class="block-text-cols__body"> <p>Impostor emails are purpose-built to impersonate someone your users trust and trick them into sending money or personal information to cyber criminals. Proofpoint is the only vendor that can provide an integrated, holistic solution that addresses all attackers’ tactics, provides visibility into malicious activities and user behavior, and automates detection and threat response.</p> </div> <div class="block-text-cols__links"> <div class="block-text-cols__links__item"> <a href=/us/solutions/bec-and-eac-protection class="global-elements__cta-button block-text-cols__links__link" target="" > <span>Learn How Our People-Centric Approach Can Help Stop Attacks</span> <div class="global-elements__cta-button--arrow-wrapper"></div> </a> </div> </div> </div> </div> </div> <div class="paragraph paragraph--type--space paragraph--view-mode--full space"> <div class="space__wrapper"> <div class="space__item space__md"> </div> </div> </div> <div class="paragraph paragraph--type--resources paragraph--view-mode--full resources-block"> <div class="resources-block__wrapper"> <div class="resources-block__inner-wrapper"> <div class="resources-block__heading-wrapper"> <h3 class="resources-block__heading"> Related Business Email Compromise Resources </h3> </div> <div class="resources-block__resources"> <div about="/us/resources/white-papers/bec-scams" class="node--type--resource-item node--view-mode--teaser-v3 resource-teaser-v3"> <a class="resource-teaser-v3__url" href="/us/resources/white-papers/bec-scams"> <div class="resource-teaser-v3__image" data-type="ebook"></div> <h3 class="resource-teaser-v3__type">E-book</h3> <h4 class="resource-teaser-v3__title"> You've Got Email Fraud!<br /> A Roundup of the Top 10 Email and Phishing Scams: 2023 Edition </h4> </a> </div> <div about="/us/resources/webinars/dos-and-donts-bec-eac" class="node--type--resource-item node--view-mode--teaser-v3 resource-teaser-v3"> <a class="resource-teaser-v3__url" href="/us/resources/webinars/dos-and-donts-bec-eac"> <div class="resource-teaser-v3__image" data-type="webinar"></div> <h3 class="resource-teaser-v3__type">Webinar</h3> <h4 class="resource-teaser-v3__title"> Do's and Don’ts for Business Email Compromise (BEC) & Email Account Compromise (EAC) </h4> </a> </div> <div about="/us/resources/analyst-reports/gartner-market-guide-insider-risk-management" class="node--type--resource-item node--view-mode--teaser-v3 resource-teaser-v3"> <a class="resource-teaser-v3__url" href="/us/resources/analyst-reports/gartner-market-guide-insider-risk-management"> <div class="resource-teaser-v3__image" data-type="analyst-report"></div> <h3 class="resource-teaser-v3__type">Analyst Report</h3> <h4 class="resource-teaser-v3__title"> Proofpoint Recognized in 2023 Gartner® Market Guide for Insider Risk Management Solutions </h4> </a> </div> <div about="/us/resources/e-books/definitive-email-security-strategy-guide" class="node--type--resource-item node--view-mode--teaser-v3 resource-teaser-v3"> <a class="resource-teaser-v3__url" href="/us/resources/e-books/definitive-email-security-strategy-guide"> <div class="resource-teaser-v3__image" data-type="ebook"></div> <h3 class="resource-teaser-v3__type">E-book</h3> <h4 class="resource-teaser-v3__title"> The Definitive Email Cybersecurity Strategy Guide - Protect Your People From Email Attacks and Threats </h4> </a> </div> </div> <div class="resources-block__link-wrapper"> <a class="resources-block__link" href="/us/resources"> See more resources </a> </div> </div> </div> </div> <div class="subscribe-block blog-subscribe" data-animate="true"> <div class="subscribe-block__inner blog-subscribe__inner"> <div class="subscribe-block__copy"> <h3 class="subscribe-block__heading"> Subscribe to the Proofpoint Blog </h3> </div> <div class="subscribe-block__form"> <div class="mk-form"> <div class="mk-form__form-container"> <script type="IN/Form2" data-data-form="mktoForm_19277" data-field-firstname="FirstName" data-field-lastname="LastName" data-field-email="Email" data-field-company="Company" data-field-title="Title" data-field-state="State" data-field-country="Country" ></script> <form id="mktoForm_19277" data-mkto-id="19277" data-mkto-base="//app-abj.marketo.com" data-munchkin-id="309-RHV-619" data-submit-text="" data-redirect-link="" data-prefill="" data-event-label="" data-lang-code="us" data-validate-email="1" class="mk-form__form marketo-form-block__form" ></form> </div> </div> </div> </div> </div> <div class="paragraph paragraph--type--space paragraph--view-mode--full space"> <div class="space__wrapper"> <div class="space__item space__md"> </div> </div> </div> <div class="paragraph paragraph--type--cta-banner paragraph--view-mode--full cta-banner cta-banner--bg" data-background-image="/sites/default/files/styles/webp_conversion/public/cta-banner/cta-bkgd.jpg.webp?itok=lGrCI_5c"> <div class="cta-banner__wrapper"> <h2 class="cta-banner__heading"> Ready to Give Proofpoint a Try? </h2> <p class="cta-banner__body">Start with a free Proofpoint trial.</p> <div class="cta-banner__buttons"> <a href=/us/free-trial-request-legacy class="global-elements__cta-button--white" target="" > <span>Get Protected</span> <div class="global-elements__cta-button--arrow-wrapper"></div> </a> </div> </div> </div> </div> <div class="glossary__content-pager"> <div class="content-pager"> <div class="content-pager__items-wrapper"> <div class="content-pager__items"> <div class="content-pager__item content-pager__item--prev"> <a href="/us/threat-reference/brute-force-attack" hreflang="en">Previous Glossary</a> </div> <div class="content-pager__item content-pager__item--next"> <a href="/us/threat-reference/byod" hreflang="en">Next Glossary</a> </div> </div> </div> </div> </div> </article> </div> </div> </div> </section> </main> </div> <div class="footer-v3" data-animate="true"> <div class="footer-v3__inner"> <nav class="footer-v3__nav"> <div class="footer-v3__nav-wrapper"> <div class="footer-v3__nav-heading">Products</div> <ul class="footer-v3__nav-collapsible"> <li><a href="/us/products/protect-people">Protect People</a></li> <li><a href="/us/products/defend-data">Defend Data</a></li> <li><a href="/us/products/mitigate-human-risk">Mitigate Human Risk</a></li> <li><a href="/us/products/premium-services">Premium Services</a></li> </ul> </div> <div class="footer-v3__nav-wrapper"> <div class="footer-v3__nav-heading">Get Support</div> <ul class="footer-v3__nav-collapsible"> <li><a href="https://proofpoint.my.site.com/community/s/" target="_blank">Product Support Login</a></li> <li><a href="/us/support-services">Support Services</a></li> <li><a href="https://ipcheck.proofpoint.com" target="_blank">IP Address Blocked?</a></li> </ul> </div> <div class="footer-v3__nav-wrapper"> <div class="footer-v3__nav-heading">Connect with Us</div> <ul class="footer-v3__nav-collapsible"> <li><a href="tel:+1-408-517-4710" class="icon-phone-ppoint">+1-408-517-4710</a></li> <li><a href="/us/events">Attend an Event</a></li> <li><a href="/us/contact">Contact Us</a></li> <li><a href="/us/free-demo-request">Free Demo Request</a></li> </ul> </div> <div class="footer-v3__nav-wrapper"> <div class="footer-v3__nav-heading">More</div> <ul class="footer-v3__nav-collapsible"> <li><a href="/us/company/about">About Proofpoint</a></li> <li><a href="/us/why-proofpoint">Why Proofpoint</a></li> <li><a href="/us/company/careers">Careers</a></li> <li><a href="/us/leadership-team">Leadership Team</a></li> <li><a href="/us/newsroom">News Center</a></li> <li><a href="/us/legal/trust">Privacy and Trust</a></li> </ul> </div> </nav> <div class="footer-v3__bottom-wrap"> <section class="footer-v3__bottom"> <div class="footer-v3__logo"> <a href="/us" class="footer-v3__logo-link"> <div class="footer-v3__logo-image"></div> </a> <div class="footer-v3__bottom-copyright-info">&copy; 2024. All rights reserved. </div> </div> <div class="footer-v3__bottom-copyright"> <a class="footer-v3__bottom-copyright-info" href="/us/legal/license">Terms and conditions</a> <a class="footer-v3__bottom-copyright-info" href="/us/legal/privacy-policy">Privacy Policy</a> <a class="footer-v3__bottom-copyright-info" href="/us/sitemap">Sitemap</a> </div> <ul class="footer-v3__bottom-social-menu"> <li> <a href="http://www.facebook.com/proofpoint" class="icon-facebook" target="_blank"></a> </li> <li> <a href="http://www.twitter.com/proofpoint" class="icon-twitter" target="_blank"></a> </li> <li> <a href="https://www.linkedin.com/company/proofpoint" class="icon-linkedin" target="_blank"></a> </li> <li> <a href="https://www.youtube.com/channel/UCIvtJgsrUzFo90NKeiVozhQ" class="icon-youtube-play" target="_blank"></a> </li> <li> <a href="https://www.instagram.com/proofpoint" class="icon-instagram" target="_blank"></a> </li> </ul> </section> </div> </div> </div> </div> <script type="text/javascript">document.write(unescape("%3Cscript src='//munchkin.marketo.net/munchkin.js' type='text/javascript'%3E%3C/script%3E")); </script> <script>Munchkin.init('309-RHV-619');</script><div class="element-invisible" style="clear:both;"><!-- Google Code for Remarketing Tag --> <!-------------------------------------------------- Remarketing tags may not be associated with personally identifiable information or placed on pages related to sensitive categories. See more information and instructions on how to setup the tag on: http://google.com/ads/remarketingsetup ---------------------------------------------------> <script type="text/javascript"> /* <![CDATA[ */ var google_conversion_id = 950296937; var google_custom_params = window.google_tag_params; var google_remarketing_only = true; /* ]]> */ </script> <script type="text/javascript" src="//www.googleadservices.com/pagead/conversion.js"> </script> <noscript> <div style="display:inline;"> <img height="1" width="1" style="border-style:none;" alt="" src="//googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?value=0&amp;guid=ON&amp;script=0"/> </div> </noscript></div> </div> <div id="flyout-container"></div> <script type="application/json" data-drupal-selector="drupal-settings-json">{"path":{"baseUrl":"\/","pathPrefix":"us\/","currentPath":"node\/102816","currentPathIsAdmin":false,"isFront":false,"currentLanguage":"en"},"pluralDelimiter":"\u0003","suppressDeprecationErrors":true,"ajaxPageState":{"libraries":"eJxlkFFuAzEIRC8Ux6r609tU2Eu8VliwAEfN7etEUdbb_r4ZYJgNlwrxUslRzxmaV-FTA4Wi0FaLi_YGdN7JuXPriaqtuDyMXjNhTCQlWE-WtSacuCIsWfuWbIdZ2JE9NCioM9ZpMjuEBMyz4yIyYobb54QUMbhWoLGOkXalkKRBkXAbx-wgmIHeA8syHSwihTBc5GBeR_5xkuF2ZJXLDFReYQ_hFE26ZgzVcfuPLYza8nUXrEGeEr37_Otz_PGQhfrGI2r7rh9fHAm49NFoWNAxu-hD2UCv6BK3znm9Vn4wQ9C8xu6VntO-joaiQ2JI6fnXm4lQAj3Z3cYDMYHhL3q517E","theme":"particle","theme_token":null},"ajaxTrustedUrl":[],"vwo":{"id":767242,"timeout_library":2500,"timeout_setting":2000,"usejquery":"false","testnull":null},"pp_i18n":{"language":"us"},"instantsearch":{"indexName":"content","path":"us\/search"},"user":{"uid":0,"permissionsHash":"26dd96d39e445e838e5f0382a0a4240ea0629de7ad59c3778594246405e2ccf5"}}</script> <script src="/sites/default/files/js/js_8CW70isSIT32kS0YKfqio8Q45sLJZNysYeCQqB4dtLQ.js?scope=footer&amp;delta=0&amp;language=en&amp;theme=particle&amp;include=eJx1kEtuwzAMRC9kRSi66W0CSmZsIRQpkFTQ3L5KUNTyoks-DjCf1q7l44sjAW8dNgwrOmYXXVq7VtA7usTaOe_3wi9mCJr32L2QvW7fsWJ0EUqgiz3NscYEhksD9ZIJYxbFSQqJIaXC26HYRDbCcBN2O-hNxFHD43MSkpiBPgPLenJgR_bQRgM98I6wnnySDpK11_S2gU2h7RZX7Q3ocpBL59YTFdtxnVwcQgLm2WIESkABaVQ7hbcGeUqYSLZgPVnWkib-h8JQ5PvxUDTpmtH-e4Qylj6w47eHLNQr21JxLRBvhcZ-lwzNi_C0qyIG1zJyN2CkeTCV34qn2V9DDsTw-AHoX9ex"></script> <script src="https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js"></script> <script src="/sites/default/files/js/js_DA7GHFg6Iz1O22c58zPl-nNTEwx5y7RuyKjesK1mXJI.js?scope=footer&amp;delta=2&amp;language=en&amp;theme=particle&amp;include=eJx1kEtuwzAMRC9kRSi66W0CSmZsIRQpkFTQ3L5KUNTyoks-DjCf1q7l44sjAW8dNgwrOmYXXVq7VtA7usTaOe_3wi9mCJr32L2QvW7fsWJ0EUqgiz3NscYEhksD9ZIJYxbFSQqJIaXC26HYRDbCcBN2O-hNxFHD43MSkpiBPgPLenJgR_bQRgM98I6wnnySDpK11_S2gU2h7RZX7Q3ocpBL59YTFdtxnVwcQgLm2WIESkABaVQ7hbcGeUqYSLZgPVnWkib-h8JQ5PvxUDTpmtH-e4Qylj6w47eHLNQr21JxLRBvhcZ-lwzNi_C0qyIG1zJyN2CkeTCV34qn2V9DDsTw-AHoX9ex"></script> <script src="//munchkin.marketo.net/munchkin.js"></script> <script src="/sites/default/files/js/js_Q_hAq3KoriT4uxdUnA3XDouviRgbwswFyj5MCBnzVHU.js?scope=footer&amp;delta=4&amp;language=en&amp;theme=particle&amp;include=eJx1kEtuwzAMRC9kRSi66W0CSmZsIRQpkFTQ3L5KUNTyoks-DjCf1q7l44sjAW8dNgwrOmYXXVq7VtA7usTaOe_3wi9mCJr32L2QvW7fsWJ0EUqgiz3NscYEhksD9ZIJYxbFSQqJIaXC26HYRDbCcBN2O-hNxFHD43MSkpiBPgPLenJgR_bQRgM98I6wnnySDpK11_S2gU2h7RZX7Q3ocpBL59YTFdtxnVwcQgLm2WIESkABaVQ7hbcGeUqYSLZgPVnWkib-h8JQ5PvxUDTpmtH-e4Qylj6w47eHLNQr21JxLRBvhcZ-lwzNi_C0qyIG1zJyN2CkeTCV34qn2V9DDsTw-AHoX9ex"></script> <script src="/themes/custom/proofpoint/apps/drupal/../../dist/app-drupal/assets/js/app.js?q=AZdW5do819A&amp;v=1"></script> <script src="/sites/default/files/js/js_2LYNA9Zu5KE51oXU7U2qX9zbS5cCqO7wzxelxAEWhjk.js?scope=footer&amp;delta=6&amp;language=en&amp;theme=particle&amp;include=eJx1kEtuwzAMRC9kRSi66W0CSmZsIRQpkFTQ3L5KUNTyoks-DjCf1q7l44sjAW8dNgwrOmYXXVq7VtA7usTaOe_3wi9mCJr32L2QvW7fsWJ0EUqgiz3NscYEhksD9ZIJYxbFSQqJIaXC26HYRDbCcBN2O-hNxFHD43MSkpiBPgPLenJgR_bQRgM98I6wnnySDpK11_S2gU2h7RZX7Q3ocpBL59YTFdtxnVwcQgLm2WIESkABaVQ7hbcGeUqYSLZgPVnWkib-h8JQ5PvxUDTpmtH-e4Qylj6w47eHLNQr21JxLRBvhcZ-lwzNi_C0qyIG1zJyN2CkeTCV34qn2V9DDsTw-AHoX9ex"></script> <script src="//app-abj.marketo.com/js/forms2/js/forms2.min.js"></script> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10