Business email compromise and fraud
Prevent email attacks that use social engineering to trick victims into making unauthorized transactions or revealing sensitive information.
Payload-less social engineering and targeted attacks are difficult to detect
Business email compromise (BEC) and fraud attacks rely on social engineering: attackers impersonate trusted individuals, such as employees, partners, or executives, to trick recipients into making fraudulent transactions or changing sensitive information.
Most BEC attacks use external senders with convincing fake display names or domains resembling legitimate organizations. Unlike traditional phishing, BEC and fraud schemes rarely contain malicious links or attachments, making them harder to detect.
Once in the victim’s inbox, attackers leverage trust and urgency to deceive employees into transferring money, changing banking information, or leaking sensitive business data.
How xorlab detects and blocks business email compromise and fraud
xorlab identifies and prevents business email compromise and fraud attempts without prior knowledge of the malicious sender.
The xorlab Security Platform:
- Learns interaction patterns between senders and recipients to establish a baseline of expected behavior.
- Warns users about suspicious requests, providing information to empower them to make informed decisions.
- Detects unusual requests involving financial transactions or sensitive data changes, autonomously blocking fraudulent emails before they reach the recipient's mailbox.
Business email compromise and fraud techniques and characteristics
Impersonation
Attackers spoof trusted email addresses, using fake display names or domains similar to legitimate organizations.
Authority
Fraudulent emails often appear to come from high-ranking executives or key business partners, creating an implicit sense of trust.
Urgency
Attackers use urgent language demanding immediate action or compliance without verification.
No Attachments or Links
Unlike typical phishing emails, BEC and fraud attacks rarely contain links or attachments, relying solely on message content for manipulation.
Contextual Manipulation
BEC emails often personalize content by addressing recipients by name and using context-specific details about ongoing business activities.
Within the MITRE ATT&CK® Matrix, business email compromise maps to multiple techniques (Gather Victim Identity Information, Gather Victim Org Information, Search Open Websites/Domains, Search Victim-Owned Websites, Email Collection, Data from Information Repositories, Data Manipulation, Financial Theft) and tactical objectives (Reconnaissance, Collection, Impact).
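The characteristics listed above can be combined into a triage heuristic for payload-less mail. The following Python is an added example, not xorlab's code or detection method; the organisation domain, protected names, keyword lists and sample messages are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumptions for this example: organisation domain, protected names, keyword lists.
ORG_DOMAIN = "example.com"
PROTECTED_NAMES = {"alice meyer", "bob keller"}
URGENCY = re.compile(r"\b(urgent|immediately|asap|today|right away)\b", re.I)
FINANCE = re.compile(r"\b(wire|transfer|payment|invoice|iban|bank (account|details))\b", re.I)
LINK = re.compile(r"https?://", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot domains resembling ORG_DOMAIN."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_signals(from_header, body, has_attachment=False):
    """Return the set of BEC characteristics present in one message."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    external = domain != ORG_DOMAIN
    checks = {
        "display_name_impersonation": external and name.strip().lower() in PROTECTED_NAMES,
        "lookalike_domain": external and 0 < edit_distance(domain, ORG_DOMAIN) <= 2,
        "urgency": bool(URGENCY.search(body)),
        "financial_request": bool(FINANCE.search(body)),
        "payload_less": external and not has_attachment and not LINK.search(body),
    }
    return {signal for signal, present in checks.items() if present}

def is_suspicious(signals):
    """Flag impersonation combined with a financial request; urgency alone is normal mail."""
    impersonation = signals & {"display_name_impersonation", "lookalike_domain"}
    return bool(impersonation) and "financial_request" in signals

# Constructed sample messages (not real traffic): (From header, body).
SAMPLES = [
    ('"Alice Meyer" <alice.meyer.ceo@mailbox.example.net>', "I need a wire transfer sent today, keep it confidential."),
    ("Alice Meyer <alice.meyer@example.com>", "Please review the invoice when you can."),
    ("Billing <billing@examp1e.com>", "Our bank details changed, update them immediately."),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, sorted(bec_signals(sender, text)), is_suspicious(bec_signals(sender, text)))
```

Static keyword and name lists like these only cover the surface traits; they do not model the sender-recipient baseline the platform description refers to.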