Products / Email Threat Protection / BEC Protect (BEC)

BEC Protect (BEC)

Protect your users from business email compromise (BEC) fraud

Not all email-borne attacks contain malicious URLs or attachments. Business email compromise (BEC) scams, such as CEO fraud, employee impersonation and vendor account takeover often use social engineering tactics and come as plain text email messages with no malicious payload. They deceive employees from finance, HR, or executive assistants, etc. into transferring money or providing monetizable information. Today, BEC accounts for the largest cause of cybercrime-related financial loss and continues to grow in prevalence and creativity.


Impersonation and account takeover are the most common techniques used by attackers in BEC fraud. These BEC scammers can impersonate not only well-known brands, but also internal employees, executives, external vendors or customers. Without an advanced protection against BEC, this sophisticated attack could be a nightmare for any organization.

Cellopoint’s AI-based BEC protection

Cellopoint’s Advanced Threat Protection with BEC Protect provides the state-of-the-art and comprehensive detection against the latest payload-less social engineering-based BEC scams that traditional email gateways or signature-based security controls do not address.

To prevent these low-volume, highly targeted BEC attacks, Cellopoint detects header anomalies and domain similarity and helps organizations enforce DMARC (Domain-based Message Authentication Reporting and Conformance) authentication effectively. In addition to impersonation detection, Cellopoint takes a new approach with artificial intelligence (AI) techniques with machine learning model updates to understand relationships between sender identity, behavior, and recipient. This helps identify account takeover attempts and attacks launched from compromised accounts.


Cellopoint offers URL protection as part of Cellopoint Advanced Threat Protection for email security. Delivered as a cloud-based service or an on-premises solution, Cellopoint's URL protection uses multi-phase detection and powerful threat intelligence to block URL-based email attacks.


Its capabilities include:

Blocking of impersonation and account takeover-based BEC attacks

Defend against not only internally generated scams, including executive impersonation/account takeover (CEO fraud) and employee impersonation/ account takeover, but also external vendor impersonation/ account takeover (invoice fraud) and well-known brand impersonation.

DMARC enforcement and domain/display name spoofing detection.

Reduce technical difficulties and ensure DMARC implementation and detect header anomalies, domain similarity, impersonated reply-to, and suspicious email body content in real-time.

AI-based User behavior profiling and relationship graph.

Analyze historical and inbound data to decipher sender-receiver relationships and spot unfamiliar or suspicious senders and anomalous messages.

Sender content profiling and email intention detection.

Inspect the email content for topic and sentiment, and email body or email subject containing certain words or phrases, such as "payment " and "wire transfer", “urgent” or “request”.

Automated remediation from email inboxes post-delivery.

Re-check and monitor of all previously delivered emails and automatically remove malicious emails from users’ mailboxes after delivery.

Blocking of credential phishing emails in conjunction with Cellopoint URL Protect (URL).

Prevent credential harvesting attempts and attacks launched from compromised accounts.

Request a demo with an email security expert.