BUSINESS EMAIL COMPROMISE
One of the most financially damaging cyber attacks
WHAT IS BUSINESS EMAIL COMPROMISE?
Business email compromise (BEC) — also known as Email Account Compromise (EAC) — is one of the most financially damaging online crimes. These are emails that appear to come from a known, or trusted source making a legitimate request. BEC scams are often highly researched, with cybercriminals targeting employees that have the ability to authorize payments or have access to financial systems. Business Email Compromise scams are regularly successful and highly lucrative.
Losses Surpass $43 Billion
Business email compromise (BEC) and email account compromise (EAC) losses have surpassed $43 billion globally.
(source: FBI)
19,954 Complaints in 2021
In 2021 the IC3 received 19,954 Business Email Compromise (BEC) or Email Account Compromise (EAC) complaints.
(source: IC3)
Attacks Increased by 65%
Losses from business email compromise (BEC) attacks increased by 65% between July 2019 and December 2021.
(source: FBI)
WHAT DOES BEC LOOK LIKE?
Unlike mass spam or phishing campaigns, BEC attacks are extensively researched and are crafted to target a specific individual or group. They often contain no malicious attachments or URLs, which helps evade detection by traditional email filters.
Typosquatted Domain
The attacker has legitimately registered a 'typosquatted' domain, demobiz.co -. As this domain is brand new, it will not be found on any RBLs. It will likely pass SPF, DKIM and DMARC checks too.
Impersonating Executive
The attacker has impersonated a high-ranking executive who has the authority to make such a request.
Malwareless (No Payload)
The absence of links or attachments, renders AV engines and sandboxes obsolete. Although the request of buying gift cards is potentially suspicious, most filters will not block an email based on this alone for fear of false positives. To the recipient, this email may look indistinguishable from a genuine one.
HOW DOES MESH PROTECT AGAINST BEC?
Mesh applies over 250 unique filters to every single email it processes, protecting against the full spectrum of email attacks. Combining machine learning, predictive threat intelligence and advanced content analysis, Mesh identifies indicators of compromise, fraud, impersonation, phishing, malicious content, spam, and unsolicited marketing emails, keeping organizations and their people safe.
Impersonation Detection
Mesh analyzes email content, language, tone and cadence, combined with checks against the sending domain, display name, and username, for matches and/or similarities with the recipient organization.
Contextual Banners
Informed employees are safer employees. Banners can be applied to emails warning of danger or advising caution, empowering employees to safely navigate their inbox. Banners are customizable.
Predictive Threat Intelligence
Knowing what regular email traffic looks like makes it easier to recognize anomalistic email. Mesh utilizes a combination of Passive DNS Sensors, Deep-Relationship Analysis, Neural Networks and other information sources to detect abnormalities.
The detection accuracy is excellent & for the price point, it's a no-brainer.
Mesh has significantly reduced the amount of email-related tickets we receive. The ability to manage everything centrally from partner level makes our job so much easier - we can make changes for all clients in one go. Onboarding was quick and painless, both our engineers and end-users took to it straight away.”
Chris Pottrell
CEO @ Nebula IT
Ready to get started?
Make your customers safer and
your MSP more efficient.
MSP Success Stories
Discover how your MSP peers have made their MSPs more efficient and profitable, while delivering better email security to their customers.
Mesh is not for everyone
We’re developing the only email security platform built exclusively for MSPs, but nobody is perfect and Mesh is not for every team.