Configuring Business Email Compromise Criteria

The FBI defines Business Email Compromise (BEC) as "a sophisticated scam targeting businesses working with foreign suppliers and businesses that regularly perform wire transfer payments." Formerly known as Man-in-the-Email scams, these schemes compromise official business email accounts to conduct unauthorized fund transfers. For more information, see FBI Public Service Announcement.

A BEC scam is a form of phishing attack where a fraudster impersonates a high profile executive, for example, the CEO or CFO, and attempts to trick an employee, a customer, or a vendor into transferring funds or sensitive information to the fraudster.

The BEC criteria are configured to detect and take actions on BEC email messages.


Hosted Email Security does not apply content-based heuristic spam, BEC, phishing, graymail, Web reputation, or social engineering attack rules to email messages received from email addresses and domains listed on the Approved Senders screen.

  1. Select Message detected as.
  2. Select Business Email Compromise (BEC).
  3. Select either of the following BEC categories:
    • Analyzed: take actions on email messages that are verified to be BEC attacks.

    • Probable: take actions on email messages that are suspected to be BEC attacks.

  4. Click High Profile Users to add high profile users for detection and classification.

    High profile users are added as global BEC settings, so Hosted Email Security checks incoming email messages that claim to be sent from those users and applies fraud checking criteria to identify forged messages.

    For details about high profile users, see Configuring High Profile Users.
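
The following Python example is added here for illustration and is not Hosted Email Security's own logic: it shows the two behaviors described above, a check of messages that claim to come from a high profile user and the Approved Senders bypass. The user list, approved senders, display-name matching rule, and result labels are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data (assumptions, not values from the product).
HIGH_PROFILE_USERS = {"alex morgan": {"alex.morgan@example.com"}}
# Approved senders may be full addresses or whole domains.
APPROVED_SENDERS = {"billing@partner.example", "trusted.example"}

def normalize(name):
    """Lower-case, collapse whitespace, and turn 'Last, First' into 'first last'."""
    name = " ".join(name.lower().split())
    if "," in name:
        last, first = [part.strip() for part in name.split(",", 1)]
        name = f"{first} {last}"
    return name

def classify(raw_message):
    """Return 'skipped', 'suspect' or 'clean' for one raw message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    # Approved senders are exempt from the BEC rule, so the name check never runs.
    if addr in APPROVED_SENDERS or domain in APPROVED_SENDERS:
        return "skipped"
    known = HIGH_PROFILE_USERS.get(normalize(display))
    # Display name claims a high profile user, but the address is not theirs.
    if known is not None and addr not in known:
        return "suspect"
    return "clean"

if __name__ == "__main__":
    samples = [  # constructed From headers
        '"Alex Morgan" <alex.morgan@example.com>',
        '"Morgan, Alex" <ceo.office@freemail.example>',
        '"Alex Morgan" <billing@partner.example>',
    ]
    for sender in samples:
        print(sender, "->", classify(f"From: {sender}\n\nPlease wire the funds."))
```

The third sample shows why Approved Senders entries deserve review: a message using an approved address is never evaluated against the high profile user list.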