Business email compromise (BEC)
Attackers often try to impersonate executives within an organization when sending malicious emails (with requests about banking information, trade secrets, etc.).
The Business email compromise (BEC) feature protects against these attacks by adding an attribute to any spoofed email messages matching these sensitive email addresses. Information about key users you enter in the dashboard is used by Area 1 to run enhanced scan techniques and find these spoofed emails.
Setup
You have several options for adding email addresses to BEC protection.
Using the dashboard
Using the dashboard, you can add email addresses individually or upload a CSV file:
- Log in to the Area 1 dashboard.
- Go to Settings (the gear icon).
- On Email Configuration, go to Enhanced Detections.
- Select New Display Name.
- Enter an email address manually or upload a CSV file.
CSV uploads
You can also upload a CSV file of multiple email addresses. The CSV file must be smaller than 150 KB, start with a header row of all required values, and contain no additional fields.
An example file would look like this:
Display_Name, EmailStar Phish, [email protected]Phish Ee, [email protected] Integrating a directory
If you want your BEC contacts automatically synced, Area 1 also supports directory integration for Microsoft and Gmail. Refer to Office 365 directory guide and Google Workspaces directory integration for more information.
Review threats
Area 1’s dashboard has at-a-glance insights regarding BEC attacks, such as top email addresses targeted. Refer to Statistics overview and Types of malicious detections for more information.