Views:

In TMEMS, the following options are available for Business Email Compromise (BEC) detections.

  • Detected as BEC attacks by Antispam Engine
  • Detected as BEC attacks by writing style analysis
  • BEC attacks suspected by Antispam Engine

In the current design, only 1 option can be selected at a time.

BEC Options

Click the image to enlarge.

Aside from the Detected as BEC attacks by writing style analysis option, the 1st and 3rd options are BEC detections. The 1st option means the spam engine has high confidence that the sample mail is a BEC while the 3rd is for low confidence. Customers can define different policy actions as needed.

In several cases, since one option is enabled (either the 1st or 3rd), this resulted to undetected BECs. To resolve this, it is recommended to create two (2) policies for BEC protection having different options and actions.

 
If you have Cloud App Security (CAS), three (3) policies can be created. The additional one is for writing style detection.
 
Keywords: compromised emails are not detected,BEC emails are not tagged by TMEMS,BEC are getting through TMEMS,BEC is able to bypass TMEMS