What are BEC Attacks?

Attackers use three Business Email Compromise (BEC) techniques to phish their targets. Depending on the technique, a mixture of phishing emails, websites, attachments and senders may be used.

Protecting Against BEC Attacks

Attackers utilise a variety of tools to help them achieve their BEC objectives. These tools may help them exploit email spoofing vulnerabilities, assess whether your spam & malware filter can be bypassed, or deliver and orchestrate phishing campaigns.

To give your business the best chance at protecting against these attacks, CanIPhish have created a variety of free tools designed to help you assess and protect your own infrastructure.

Phishing Simulation

The best way to defend against BEC attacks is to train your users how to spot them. Phishing simulations are designed with exactly that use case in mind. If your employees know about credential harvesting, endpoint compromise and reply-to attacks, they're less likely to fall victim when an attack occurs.

By simulating real-world phishing attacks, you'll be able to test your cyber readiness, reduce your phish click rates and meet your security compliance obligations.

Think you can spot a phish? Take a look at the Email Phishing Library provided by CanIPhish.

Email Domain Scanning

If your domain isn't configured in line with best practices, attackers may be able to spoof it and target your employees or customers. Attackers will abuse misconfigurations within your SPF and DMARC records to spoof your domain in phishing emails.

By utilising the free domain scanning tool provided by CanIPhish, you'll be able to spot SPF & DMARC issues, identify malicious mail senders in your supply chain and even see if your email infrastructure is vulnerable to attack.

Think you may be vulnerable? Take a look at the Domain Scanning Tool provided by CanIPhish.

Email Gateway Analysis

If your email infrastructure isn't configured in line with best practices, attackers may abuse it to build their own phishing email evaluation capability. This capability allows attackers to reduce the operational effectiveness of your email spam and malware filters, meaning more phishing emails land in employees' inboxes.

By utilising the open-source tool provided by CanIPhish, you can get a real-world view into how these attacks are performed.

Want to see this attack in action? Take a look at Phishious, the open-source GitHub project provided by CanIPhish.

Free Phishing Tools Ready For Use

Sender Spoofing

Discover domains vulnerable to email domain spoofing and incorporate these into your simulated phishing campaigns.

Domain Tool Statistics

Track domain scan statistics to determine which domains to spoof in your simulated phishing campaigns and which to remediate.

Comprehensive Support

Get the most out of CanIPhish with our comprehensive knowledge base, live chat, phone and email support.

Directory Integrations

Upload employees via CSV or automate directory synchronisation with our Azure AD and Google Workspace integrations.

Flexible Infrastructure

Our highly dynamic platform enables you to use our hosted mail and web servers or to bring your own.

A full solution for everyone

Whether you’re an enterprise looking to train users, a red teamer conducting a penetration test, or a hobbyist, we have you covered.