Business Email Compromise

Business Email Compromise (BEC) attacks evade detection by traditional security tools because they target the human layer of enterprises.

Watch Video Overview
Business Email Compromise

What is Business Email Compromise?

In Business Email Compromise (BEC) scams, attackers claim to be a trusted entity - either internal or external - before using context, persuasion, and urgency to attempt financial theft from targeted accounts. Here’s how a BEC attack usually runs its course.


Attackers find target employees - usually in finance or accounting - and build a profile of the organization through reconnaissance and mining public data.


To set up the compromise, cybercriminals either spoof domains or take over the account of another employee in the target organization.


An email is sent to request financial transactions, using persuasion and authority to gain the victim’s trust.


Once the money is wired to the attacker, it is quickly transferred out into multiple accounts to eliminate traceability and retrieval.

The Need for BEC Protection

The drip-drip of BEC attacks has created a billion dollar ocean. The 2019 IC3 Report from the Federal Bureau of Investigation found that over $26 billion has been lost in BEC attacks over the past three years.

These attacks sneak past legacy defenses because:

  • They are laser targeted
  • They avoid metadata-based detection
  • They don’t contain malicious payloads
  • They are socially engineered

Common BEC Attack Types

Vendor Email Compromise

These ‘long con’ attacks utilize compromised third-party email accounts to defraud organizations of money and sensitive data.

Learn more

Executive Impersonation

Attackers impersonate trusted executives - like the CEO or CFO - and induce target employees to take actions that lead to compromise.

Learn more

Payroll Diversion Fraud

Targeted emails that fraudulently request a change in direct deposit information to steal from an employee.

Learn more

Benefactor Fraud

Criminals pose as an unfamiliar but benevolent entity and promise windfalls to victims in an attempt to steal money or private data.

Armorblox Stops Business Email Compromise

Context-aware detection

  • Detection that combines 1000s of signals across user identity, user behavior, and language analysis
  • Algorithms built with deep learning, natural language understanding, and statistical models

Detailed attack analysis

  • Study email-specific insights built for human eyes
  • Understand exactly why Armorblox thinks an email is suspicious to simplify threat investigation

Out-of-the-box policies

  • Leverage preconfigured policy actions that can automatically label, quarantine, or delete suspicious emails
  • Save time by setting automated remediation workflows for specific departments and threat types

Threat management and metrics

  • Manage a central repository for all BEC threats with intuitive search and query
  • Uncover communication insights for targeted security interventions e.g. most impersonated VIPs, most attacked departments


Comprehensive Email Security

Protect your business against payment fraud, executive impersonation, credential phishing, account takeovers, and other attacks

Lightning Fast Deployment

Connect to your email over APIs and deploy enterprise-wide within minutes

Faster Response Times

Reduce SOC burden with bulk, one-click remediation for abuse mailbox and other broader attacks within your organization

Schedule a Demo Today!

Learn how Armorblox can help protect your organization against phishing, spear phishing and business email compromise attacks.