Definition
Business Email Compromise (BEC) is targeted email fraud where attackers impersonate executives, vendors, or trusted partners to authorize fraudulent actions - typically wire transfers, gift card purchases, or sensitive data disclosure. BEC is responsible for the majority of email-driven financial loss; the FBI tracks BEC losses in the multi-billion-dollar range annually. Defense requires both technical controls (DMARC enforcement, impersonation detection, display-name analysis) and process controls (multi-person authorization for high-value transactions, out-of-band verification of unusual requests). Symantec Email Security includes BEC defense with impersonation detection and lookalike-domain analysis. See our DMARC enforcement guide for the technical hardening playbook.
Symantec products that implement this
- Symantec Email Security.cloud - Cloud-based email protection with anti-phishing, BEC defense, attachment sandboxing, URL rewriting, impersonation detection, and email continuity.
Related terms
- DMARC (Domain-based Message Authentication, Reporting and Conformance) - Email authentication standard that lets domain owners specify how receivers should treat mail that fails SPF or DKIM.
- SPF (Sender Policy Framework) - Email authentication standard that lists authorized sending IPs / domains for a given sender domain via DNS TXT records.
- DKIM (DomainKeys Identified Mail) - Email authentication using cryptographic signatures placed in headers by the sending mail server.
- Phishing - Social-engineering attacks that trick users into revealing credentials, clicking malicious links, or downloading malware.
Deep-dives on BEC
- DMARC enforcement with Symantec Email Security: from p=none to p=reject - Most organizations sit at DMARC p=none for years. Moving to p=quarantine and p=reject is a 6-12 week project - and Symantec Email Security g…