Business email compromise (BEC) is one of the top forms of cybercriminal activity. The FBI recently reported that almost half of reported financial losses to cybercrime in 2019 were due to BEC scams. We sat down with Ken Liao, VP of Cybersecurity Strategy at Abnormal Security, to discuss BEC and how the company is working to mitigate one of the top threats to enterprise data security. Abnormal Security is a next-generation email security company that protects enterprises from advanced targeted attacks, including business email compromise.
Ken Liao, VP of Cybersecurity Strategy at Abnormal Security:
What makes BEC such an issue in today's remote workforce culture?
Email-based threats have become so sophisticated and targeted that even the savviest employees can fall prey, which is why Business Email Compromise (BEC) has cost enterprises billions of dollars in recent years. The mounting losses illustrate the fact that email has been the dominant attack vector for years. Attackers today largely follow trends, and we’ve often seen that widespread panic, fear and uncertainty can be an attacker’s most valuable allies. COVID-19 is the ultimate opportunity for attackers. Here at Abnormal we began documenting a rise in COVID-19 related BEC scams once the pandemic hit. Additionally, we detected a surge in Zoom impersonations last quarter - attacks were attempting to steal employees’ account credentials. It’s evidence that employees need to keep their guard up at all times, whether in the office or when working remotely.
Describe how a BEC attack typically occurs.
BEC attacks typically start with an email into an organization from an impersonated or compromised account of someone the target knows and trusts. This could be either someone from within the organization or an outside party, such as a supply chain vendor. Intentionally, the attacker does not send malware attachments or even URLs to begin the conversation. The conversation may start with a low-consequence request but often leads to invoice and payment fraud.
When the attacker has initial success, they typically create mail rule changes to obfuscate their tracks, and add additional impersonated accounts to the conversation in an effort to isolate the victim into a conversation away from legitimate accounts within the organization to increase their chances of a successful attack. In other cases, an attacker may be posing as corporations, such as Microsoft or Zoom, to steal employees’ account credentials in order to gain access to their email system in an effort to pull off more elaborate attacks such as the invoice fraud example mentioned above.
What makes BEC difficult to defend against?
BEC is difficult to defend because it bypasses traditional Secure Email Gateways designed to catch and analyze emails that have a payload, like malware attachments. Additionally, BEC attacks are typically disguised to look as if they’re coming from trusted people in our business ecosystem, whether it’s employees or partners we work with on a daily basis. We’re far more likely to be receptive to requests from these individuals as opposed to outsiders, so it’s easy to let your guard down.
How does this new platform help protect against BEC?
Abnormal Security’s Cloud Email Security Platform uses a one-click API Integration, allowing companies to be up and running in just seconds with no risk to mail flow (no MX record or mail routing changes) and no interference with existing security controls such as SEGs. By using artificial intelligence, Abnormal develops a deep understanding of the people in your organization and their behaviors.
By analyzing and normalizing data across thousands of dimensions, Abnormal assembles a single, consolidated profile of every person, allowing enterprises to stop the full range of Business Email Compromise (BEC), credential phishing attacks, supply chain attacks and account takeovers by detecting communication anomalies, flagging financial request language and computer vision analysis that scans invoice attachments for suspicious changes.
As it relates to this product release, Abnormal has added capabilities for enterprises who need a scalable solution, including role-based access controls, multi-tenancy functionality and enhanced customer support. These enterprise capabilities are in addition to our existing efficacy in stopping phishing and compromised accounts, which has allowed us to gain numerous Fortune 500 clients in a short period of time.
Where can users find more information about the platform?
Visit our website at https://abnormalsecurity.com/ to learn more.