Email header BEC check
Paste raw email headers. We look for Reply-To redirection, failed SPF/DKIM/DMARC, typosquat domains, and the other signals that point to Business Email Compromise.
Reference
Understanding BEC
What is BEC?
Business Email Compromise is a targeted scam where an attacker impersonates a trusted party — a CEO, vendor, or payroll contact — to trick an employee into wiring money, releasing data, or changing payment instructions. The FBI ranks it as one of the costliest cyber-crimes worldwide.
Common BEC patterns
- CEO fraud: Email appears to be from an executive asking for an urgent wire transfer.
- Vendor impersonation: A supplier's account is spoofed to redirect payment to attacker-controlled bank details.
- Payroll diversion: Employee's direct-deposit info is "updated" by a fake HR request.
How to protect yourself
- Verify any payment change or wire request by phone, using a number you already had — never one in the email.
- Require email authentication (SPF, DKIM, DMARC) on your own domain.
- Be suspicious of urgency, secrecy ("don't loop in anyone"), and mid-thread changes to instructions.
Header analysis is heuristic. A passing score does not guarantee authenticity; a failing score does not prove fraud. Always verify payment changes through a second channel.