How AI Protects Businesses from BEC

September 22, 2022

Business email compromise (BEC) is the most expensive cyberattack that a business can endure, 64x worse for a company’s revenue than a ransomware attack. This chameleon cyberattack can be hard to spot because it can take so many forms. Cybercriminals are always on the hunt for new ways to trick employees of a business into giving them credentials, money, personal information, financial details, payments, credit card numbers or other sensitive data. More than 70% of companies experienced a BEC attack in 2021. Take a look at the scenarios that cybercriminals use to conduct BEC attacks and how you can protect your clients from trouble.  

Excerpted in part from The Comprehensive Guide to Avoiding Business Email Compromise DOWNLOAD IT>> 

Learn how to add more hands to your security team without adding to your headcount. FREE EBOOK>>

What tools and techniques are used in BEC attacks?  

While cybercriminals have a wide array of tools at their disposal when planning cyberattacks, the following tools and techniques are generally their go-to moves in a BEC attack:  

Social engineering  

Social engineering is a tactic used to compel people to do something even though it may appear to be against their best interests. The No. 1 type of social engineering cyberattack is phishing, the gateway to the majority of BEC attacks. Bad actors often rely on a few varieties of social engineering to prop up their schemes. Here are some examples of social engineering schemes:  

  • Presenting the bad actor as a trusted contact or representative of a legitimate organization by providing context cues that make their communications seem authentic. Spoofing and conversation hijacking are commonly used in this scenario.  
  • Scaring the victim by claiming that they or their company will experience a negative consequence if they don’t act on the demand made in the message immediately. A message from a utility threatening to cut off service is an example of this tactic.  
  • Convincing the victim that the bad actor is an executive or some other powerful person in the victim’s company to create a sense of urgency for the request, like claiming to be an executive who is out of town and needs the employee to send them money in an emergency situation.  
  • Masquerading as representatives of a charity or nonprofit that the target has a relationship with to obtain sensitive information or money. Criminals often harvest data like the target’s alma mater or political affiliation from social media to craft these lures.  
  • Imitating a government agency or legal body to scare victims into sending them money or financial data. A bad actor might pretend to be a representative of the Internal Revenue Service, promising legal repercussions if the target doesn’t pay a fake overdue tax bill immediately. 

Looking for a security rockstar? Get 5 superstar benefits for half the cost of the competition! SEE THE BENEFITS>>

3 cybercriminal favorite techniques used in BEC 

Many elements go into a successful BEC attack, but these three tend to crop up the most.  

Spear phishing  

Spear phishing is a form of phishing attack that uses very specific information to send sophisticated, malicious emails to individuals or organizations. It is a deliberate attempt by threat actors to steal sensitive information, such as account passwords or financial information, from a specific victim. Actors use social engineering techniques and often leverage social media activity to obtain personal information about the victim, such as their friends, birthplace, employer, frequently visited places and recent internet purchases, to foster authenticity in their lures by pretending to be somebody the target knows and trusts. This is a very common attack scenario that just under 70% of businesses endured in 2021.  


Spoofing is a technique attackers use to imitate people, companies and computers with the intent to trick people into giving up personal information to gain access to something valuable. This technique is a go-to for the bad guys. One-quarter of all branded emails companies receive are spoofed. Spoofing can apply to emails, phone calls and websites, or it can be more technical, such as IP, Address Resolution Protocol (ARP) or Domain Name System (DNS) spoofing. Often, spoofing is used during a cyberattack to disguise the source of attack traffic. Nearly 50% of BEC attacks spawn from the spoofing of someone’s identity in the display name of a bogus email message.  

Conversation hijacking  

Conversation hijacking is a type of phishing attack where threat actors insert themselves into a pre-existing email conversation. Typically, conversation hijacking is preceded by the bad actor gaining access to the victim’s email account. Sometimes, this technique is used by attackers who have gained access to an email account of someone the victim regularly converses with, like a colleague or a representative of another organization. Conversation hijacking relies on the victim’s false sense of security with emails that appear trustworthy because they draw upon a victim’s previous or ongoing correspondence. This type of BEC attack soared by an eye-popping 270% in 2021. 

Learn the ins and outs of today’s wide variety of phishing attacks & how to stop them in Phishing 101. DOWNLOAD IT>>

How does AI protect organizations from BEC?  

AI makes Graphus a defensive game-changer against threats like BEC. Graphus uses AI driven by a patented algorithm. The software can detect the most advanced phishing threats, including zero-day attacks and new BEC scams. It catches sophisticated malicious messages. AI can effectively mimic human behavior using extensive data from past examples of similar behavior. That enables technology like TrustGraph to make decisions without human input and take actions like adjudicating the safety and authenticity of an incoming email or quarantining a suspicious message. 

AI doesn’t have human weaknesses, so it is immune to social engineering. It’s not going to fall for faked indicators of authenticity or scare tactics, removing human error and cybercriminal trickery from the equation. Every incoming message is compared to the baseline using dozens of points of comparison. AI will spot deviations from a company’s normal communication pattern that people might miss. That technology powers EmployeeShield to warn users of unusual messages. If users reject a message through EmployeeShield or Phish911, it is placed in quarantine to keep it away from other employees until it can be reviewed by an IT team member. AI-driven email security doesn’t wait for new threat intelligence to be uploaded by a tech to evolve a company’s protection. Also, it won’t quickly become obsolete like other email security technologies because it never stops learning.  

Machine learning ensures that AI grows with an organization preventing obsolescence

Machine learning allows the Graphus AI to continue to refine protection for a business without human intervention. Machine learning, which is sometimes used interchangeably with AI, refers to the process by which computers develop pattern recognition by collecting, organizing and structuring data, providing AI the information that it needs to plug into its algorithm. Machine learning ensures that TrustGraph doesn’t need threat reports or human tinkering to gather and process detailed threat intelligence, like changes in a company’s communication patterns, to spot anomalies that could be a cyberattack like BEC. 

Learn how incident response planning boosts cyber resilience & security. GET THE EBOOK>>

Gain peace of mind with powerful protection from BEC with Graphus  

About 95% of attacks on business networks are the result of phishing messages that snag an unwary employee. Graphus offers businesses strong protection against phishing-based cyberattacks like BEC through the power of AI and machine learning that drives advanced automated anti-phishing software. Graphus puts three powerful shields between businesses and BEC.  

  • TrustGraph automatically detects and quarantines malicious emails so the end user never interacts with harmful messages. TrustGraph accomplishes this by instantly analyzing 50+ characteristics of incoming messages and comparing them to what’s typical for this company and this recipient.  
  • EmployeeShield alerts recipients of a potentially suspicious message that they may not notice by placing an interactive warning banner at the top that allows users to quarantine or mark the message as safe with a single click.  
  • Phish911 empowers employees to proactively report suspicious and unwanted emails for IT to investigate, reducing your exposure to potential disaster.  

Put Graphus to work for you and gain powerful protection from phishing-based threats. Employees can’t click a phishing email that they don’t receive, and you can feel confident that your smart, automated guardian will stop malicious messages effectively. Even better, automated email protection from Graphus fits every budget putting a powerful defense against today’s nastiest cyberattacks within reach for every organization. SCHEDULE A DEMO 

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus