Prevent Business Email Compromise

Business email compromise (BEC) is the costliest cyberattack facing enterprises, causing $43 billion in exposed losses over the past five years.

Legacy email security solutions struggle to detect BEC since these text-only emails rarely contain traditional indicators of compromise like suspicious links or dangerous attachments.

Abnormal Inbound Email Security prevents BEC by baselining known user behavior and analyzing email context and content to spot anomalies. With full visibility into all traffic, Abnormal stops BEC from internal and external accounts.

Webinar: Overcoming BEC
BEC Header

BEC is the Most Common and Costly Cyber Attack




Average cost of a BEC attack in 2021.



BEC attacks blocked by Abnormal per customer per month.



Of all cybercrime losses come from BEC.


Understanding the BEC Problem


BEC Attacks Don’t Contain Obvious Indicators of Attack


Unlike other email attacks, BEC attacks are typically text-based, without malicious URLs or dangerous attachments.

Antiquated email protection approaches (like secure email gateways) rely on rules-based policies to flag emails. Since BEC attacks have no indicators of compromise to detect, they pass through security measures to land in user inboxes.


BEC Uses Social Engineering to Trick Users


In these emails, attackers often impersonate a trusted person or entity like an executive, vendor, brand, or internal system to fool a victim. These impersonation attacks slip by traditional email security layers since they look inconspicuous on the surface.

They also employ urgency, encouraging the target to take action immediately or face consequences. Employees who think they’re communicating with a known entity are less likely to scrutinize requests for payment, data sharing, or credentials.


78% of security leaders believe secure email gateways and built-in security from email providers are incapable of stopping advanced attacks like business email compromise.

Source: 2022 Email Security Trends Report


The Abnormal Approach to Business Email Compromise




Baselines employee email activity and maps relationships with partners to understand an email's content and context.

Activities and requests that differ from these norms can signify a BEC attempt.




Understands internal employee-to-employee and external vendor-to-employee communication and patterns.

This gives insight into expected invoice cadence, bank account information, and communication frequency to detect when something may have changed.




Analyzes every email to understand content, tone, and context.

Urgent requests, suspicious financial invoices, changes in formality, and unusual relationship patterns are hallmarks of BEC attacks.


What Our Customers Say


Our customer-first approach is at the heart of everything we do.


“Our executives and Board of Directors are commonly hit with significant amounts of phishing and BEC email attacks. Abnormal’s behavioral-based modeling and pattern recognition have been great in detecting and stopping those attacks. We are confident we have the right solution in place.”

Tas Jalali, Head of Cybersecurity, AC Transit


Discover Abnormal Inbound Email Security


Abnormal Inbound Email Security uses behavioral AI, natural language processing, and risk-adaptive detection to monitor internal and external emails for signs of business email compromise attacks.

Abnormal analyzes every email in your ecosystem against 45,000+ signals across identity, behavior, and content. Profiling emails against these signals helps identify anomalous behavior—like urgent requests, unusual invoices, and changes in tone—which are often present in BEC attempts.

Once a malicious email is spotted, Abnormal automatically remediates it, transferring it to a hidden inbox to prevent end users from interacting with it. The result: users across your enterprise are protected from costly and frequent BEC attempts, without manual input from security teams.


Frequently Asked Questions About Business Email Compromise



Trusted by Global Enterprises


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

Integrates Insights Reporting 09 08 22

Related Resources

Resource 02 CISO
Business email compromise (BEC) is the most significant cybersecurity threat to enterprise organizations, with $2.4 billion lost in 2021 alone. This type of email attack occurs when a cybercriminal uses social engineering to impersonate a trusted contact—typically an executive, coworker, vendor, or partner.
Download Now
Report fscc cover
For years, executives were the go-to impersonated party in business email compromise attacks. Now, threat actors are opting to impersonate vendors and suppliers instead.
Download Now
B 07 20 22 Devastating
Business email compromise (BEC) is no joke, and it continues to increase—despite increased awareness of the issue. Learn about the future of BEC attacks in this on-demand webinar.
Watch Now
B 02 08 23 1500x1500 H12023 Threat Report
Abnormal’s latest report on business email compromise trends and statistics finds that employees open 28% of attacks and reply to 15% of them.
Download Now
B Demo Days Webinar01
In this on-demand recording of our first “Abnormal Demo Day”, we explore key platform features and capabilities designed to address today’s toughest security challenges.
Watch Now
B Vendors as Your Largest BEC Threat 07 07 22
Threat actors have shifted their strategy—moving away from internal impersonation and instead focusing on impersonating third parties. Watch the webinar to learn more about this new threat: financial supply chain compromise.
Watch Now