Products / Email Threat Protection / BEC Protect
Protect your users from business email compromise (BEC) fraud
Not all email-borne attacks contain malicious URLs or attachments. Business email compromise (BEC) scams, such as CEO fraud, employee impersonation and vendor account takeover often use social engineering tactics and come as plain text email messages with no malicious payload. They deceive employees from finance, HR, or executive assistants, etc. into transferring money or providing monetizable information. Today, BEC accounts for the largest cause of cybercrime-related financial loss and continues to grow in prevalence and creativity.
Impersonation and account takeover are the most common techniques used by attackers in BEC fraud. These BEC scammers can impersonate not only well-known brands, but also internal employees, executives, external vendors or customers. Without an advanced protection against BEC, this sophisticated attack could be a nightmare for any organization.
Cellopoint’s AI-based BEC protection
Cellopoint’s Advanced Threat Protection with BEC Protect provides the state-of-the-art and comprehensive detection against the latest payload-less social engineering-based BEC scams that traditional email gateways or signature-based security controls do not address.
To prevent these low-volume, highly targeted BEC attacks, Cellopoint detects header anomalies and domain similarity and helps organizations enforce DMARC (Domain-based Message Authentication Reporting and Conformance) authentication effectively. In addition to impersonation detection, Cellopoint takes a new approach with artificial intelligence (AI) techniques with machine learning model updates to understand relationships between sender identity, behavior, and recipient. This helps identify account takeover attempts and attacks launched from compromised accounts.
Cellopoint BEC Protect is part of Cellopoint Advanced Threat Protection for email security. Delivered as a cloud-based service or an on-premises solution, Cellopoint's BEC protection uses proprietary AI techniques to help you gain valuable insights of the specific threats your organization faces, develop a potent defense, and reduce the risk and liability of financial loss caused by BEC attacks.
Its capabilities include:
Blocking of impersonation and account takeover-based BEC attacks
Defend against not only internally generated scams, including executive impersonation/account takeover (CEO fraud) and employee impersonation/ account takeover, but also external vendor impersonation/ account takeover (invoice fraud) and well-known brand impersonation.
DMARC enforcement and domain/display name spoofing detection
Reduce technical difficulties and ensure DMARC implementation and detect header anomalies, domain similarity, impersonated reply-to, and suspicious email body content in real-time.
AI-based User behavior profiling and relationship graph
Analyze historical and inbound data to decipher sender-receiver relationships and spot unfamiliar or suspicious senders and anomalous messages.
Sender content profiling and email intention detection
Inspect the email content for topic and sentiment, and email body or email subject containing certain words or phrases, such as "payment " and "wire transfer", “urgent” or “request”.
Automated remediation from email inboxes post-delivery
Re-check and monitor of all previously delivered emails and automatically remove malicious emails from users’ mailboxes after delivery.
Blocking of credential phishing emails in conjunction with Cellopoint URL Protect
Prevent credential harvesting attempts and attacks launched from compromised accounts.