Utilizing the BEC List
Area1’s BEC (Business Email Compromise) list provides an additional layer of security to complement your email protection measures. It protects against BEC attacks by adding an attribute to any spoofed email messages matching the email addresses you provide. It serves as a valuable tool in identifying potential attackers attempting to impersonate high-level executives within an organization, with the intention of triggering malicious actions.
What is Business Email Compromise?
BEC emails are a major concern for most companies, as they employ sophisticated phishing techniques that do not rely on typical indicators of malicious messages such as links or attachments. Instead, these emails exploit the power dynamics within a company by using the names of key individuals, esteemed customers, and even board members to deceive employees into carrying out fraudulent activities, such as unauthorized money transfers.
BEC attacks employ various strategies to manipulate trust, including:
- Domain spoofing: The attacker sends an email that appears to originate from the target user’s own company domain or domains associated with trusted business partners.
- Name spoofing: The scammer poses as a well-known, trusted, and influential individual within the organization, such as the CEO or another high-ranking executive. This not only captures immediate attention but also demands priority. Combining a name spoof with a job title spoof ensures that the email receives utmost urgency.
- Domain proximity: Lookalike versions of the company’s domain, with slight variations in the spelling, may be registered or hosted with various providers. Users, driven by the desire to comply with their executive’s instructions, might overlook such minor details. For example, a domain name may be spelled as “buslness.com” instead of “business.com” (note the lowercase ‘l’ instead of ‘i’).
- Attributes spoofing: The content and email headers are obfuscated and may feature counterfeit logos, brand names, or other recognizable identifiers to gain the target’s trust and create an illusion of safety, leading them to take actions they believe to be legitimate.
By understanding and being vigilant about these BEC attack techniques, organizations can better safeguard themselves against fraudulent schemes and protect their valuable assets.
Creating a BEC List
To help combat Business Email Compromise, we recommend that customers utilize the BEC List in Area1 by providing us with a list that matches a Display Name to an email address. If any users go by shortened versions of a common name (Mike/Michael; Kim/Kimberly) or have any other possible variations, be sure to include those. See the example list below:
| Display Name | Email Address |
|---|---|
| Lisa Green | lgreen@company.com |
| Lisa Green-Jackson | lgreen@company.com |
| Bill McKnight | wmcknight@company.com |
| William McKnight | wmcknight@company.com |
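
The Python below is an added illustration, not Area1's implementation and not code from this page. It shows the kind of check a display-name-to-address list makes possible: a From header whose display name is on the list but whose address is not the listed one is classified as a spoof. The function names, result labels and sample From headers are assumptions constructed for the example.

```python
import unicodedata
from email.utils import parseaddr

# Constructed list in the same shape as the table above (display name, address).
BEC_LIST = [
    ("Lisa Green", "lgreen@company.com"),
    ("Lisa Green-Jackson", "lgreen@company.com"),
    ("Bill McKnight", "wmcknight@company.com"),
    ("William McKnight", "wmcknight@company.com"),
]


def normalize_name(name):
    """Fold case, Unicode compatibility forms and spacing; turn 'Last, First' around."""
    name = unicodedata.normalize("NFKC", name).casefold()
    if "," in name:
        last, first = name.split(",", 1)
        name = f"{first} {last}"
    return " ".join(name.split())


def build_index(entries):
    """Map each normalized display name to the set of addresses allowed to use it."""
    index = {}
    for display_name, address in entries:
        index.setdefault(normalize_name(display_name), set()).add(address.lower())
    return index


def classify_sender(from_header, index):
    """Return 'not-listed', 'match' or 'display-name-spoof' for one From header."""
    display_name, address = parseaddr(from_header)
    allowed = index.get(normalize_name(display_name))
    if allowed is None:
        return "not-listed"
    return "match" if address.lower() in allowed else "display-name-spoof"


if __name__ == "__main__":
    index = build_index(BEC_LIST)
    # Constructed From headers for illustration.
    for header in (
        "Lisa Green <lgreen@company.com>",
        '"William McKnight" <wmcknight@buslness.com>',
        '"McKnight, Bill" <ceo.office@example.net>',
        "Pat Doe <pdoe@company.com>",
    ):
        print(f"{classify_sender(header, index):20} {header}")
```

A name variation that is missing from the list (for example "Will McKnight") comes back as `not-listed`, which is why the list should include every variation a user goes by.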