How to Prevent Business Email Compromise With Mail Visual Indicators

April 12, 2018 by Stephen Moramarco

Business email compromise (BEC) is a scam that ensnares companies around the globe at an alarming rate. The FBI notes BEC scams have increased 1,300% since 2015 to the tune of $5.7 billion worldwide. In a BEC scam the attacker dupes the victim into believing they are dealing with a coworker, the CEO or a trusted partner, and the scam usually begins with an email exchange.

To help reduce the chance of falling victim, one useful control is to add visual indicators that alert users to questionable messages in their inbox.

What Are Visual Email Indicators?

A visual indicator is a highlighted icon, banner or message that the mail system adds when it flags an email as potentially dangerous. Typical triggers are that the email comes from an external address, that the “envelope from” address (the SMTP MAIL FROM / Return-Path, where bounces go) does not match the “From” header the recipient sees, or that the “Reply-To” header points somewhere other than the “From” address, so that a reply would go to a different mailbox than the one the message appears to come from. If any of these conditions holds, an alert is displayed on the message itself.

Microsoft Office 365 includes Exchange Online Protection (EOP), which lets you mark senders and recipients as safe (an allow list). Mail from safe senders and recipients gets a green indicator next to the name, so a message that lacks it stands out. Gmail, for its part, flags messages whose sending domain cannot be verified with sender authentication (SPF or DKIM), so you can tell whether the message really came from the domain it claims.

Gmail also shows an alert (an open padlock) when the other party’s mail server cannot accept encrypted mail, meaning the message would travel without TLS.

There are also plugins from companies such as Trend Micro that use machine learning to fine-tune the approach and can catch more sophisticated deceptions, such as email addresses on a “cousin domain” registered to look like a legitimate company’s domain. With such a tool, an address that substitutes a capital “I” for a lowercase “l” (the two are nearly indistinguishable in many sans-serif fonts) can be flagged if the rules are set accordingly.


Other visual cues can be generated from the content rather than the sender, for example when the message contains certain words or phrases typical of a fraudulent request (an urgent wire transfer or a request for payroll data).
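As an added example (not code from the article or from any vendor it mentions), here is a small rule engine in Python that implements the three kinds of indicator described above: the envelope-from / From / Reply-To mismatch checks, the cousin-domain check that catches a capital I swapped for a lowercase l, and content-based cues for wire-transfer or payroll wording. The internal and protected domain lists, the homoglyph table, the phrase list and both sample messages are constructed for illustration.

```python
"""Added example (not part of the original article, not any vendor's code):
a minimal rule engine that applies the checks described above to a raw
RFC 5322 message and returns the indicator tags a mail client would render.
All domain lists, tables and sample messages below are constructed."""

import re
import unicodedata
from email import message_from_string, policy
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}                    # constructed: our own domain
PROTECTED_DOMAINS = ["acme-bank.com", "example.com"]  # constructed: brands to guard

# Wording typical of wire-fraud and payroll-data requests (content-based cues).
SENSITIVE_PATTERNS = [r"\bwire transfer\b", r"\burgent(ly)?\b", r"\bpayroll\b",
                      r"\bw-?2s?\b", r"\bgift cards?\b", r"\bconfidential\b"]

# Characters attackers swap for look-alikes.  Capital I must be mapped to
# lowercase l *before* case-folding, or it would become i and escape detection.
SINGLE_HOMOGLYPHS = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})
MULTI_HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("cl", "d")]


def skeleton(domain: str) -> str:
    """Collapse a domain to a confusable 'skeleton' (simplified Unicode TR39 idea)."""
    s = unicodedata.normalize("NFKD", domain)
    s = "".join(ch for ch in s if not unicodedata.combining(ch))  # drop accents
    s = s.translate(SINGLE_HOMOGLYPHS).casefold()
    for seq, repl in MULTI_HOMOGLYPHS:
        s = s.replace(seq, repl)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, for plain typosquats such as examples.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the protected domain that `domain` imitates, or None."""
    folded = domain.casefold()
    if folded in PROTECTED_DOMAINS:
        return None  # the genuine domain is never a lookalike of itself
    for protected in PROTECTED_DOMAINS:
        if skeleton(domain) == skeleton(protected) or edit_distance(folded, protected) <= 1:
            return protected
    return None


def domain_of(header) -> str:
    """Domain part of the first address in a header, case preserved ('' if absent)."""
    _, addr = parseaddr(str(header or ""))
    return addr.rpartition("@")[2]


def evaluate(raw: str) -> list:
    """Return the indicator tags a client should show for this raw message."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = domain_of(msg["From"])
    envelope_domain = domain_of(msg["Return-Path"])  # the "envelope from"
    reply_domain = domain_of(msg["Reply-To"]) if msg["Reply-To"] else from_domain
    tags = []
    if from_domain.casefold() not in INTERNAL_DOMAINS:
        tags.append("EXTERNAL")
    if envelope_domain and envelope_domain.casefold() != from_domain.casefold():
        tags.append("ENVELOPE_MISMATCH")
    if reply_domain.casefold() != from_domain.casefold():
        tags.append("REPLY_TO_MISMATCH")
    for candidate in dict.fromkeys([from_domain, reply_domain]):  # dedupe, keep order
        target = lookalike_of(candidate)
        if target:
            tags.append(f"LOOKALIKE:{target}")
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject']}\n{body.get_content() if body else ''}"
    if any(re.search(p, text, re.IGNORECASE) for p in SENSITIVE_PATTERNS):
        tags.append("SENSITIVE_REQUEST")
    return tags


# Constructed sample: display name claims the CEO, domain swaps l for capital I,
# bounces go elsewhere, and replies are steered to a webmail account.
MSG_BEC = """\
Return-Path: <bounce@mailer-outreach.net>
From: "Pat Chen, CEO" <pat.chen@exampIe.com>
Reply-To: pat.chen.ceo@gmail.com
To: finance@example.com
Subject: Urgent wire transfer
Content-Type: text/plain

I need you to process a wire transfer before noon. Keep this confidential.
"""

# Constructed sample: genuine internal mail, nothing to flag.
MSG_OK = """\
Return-Path: <pat.chen@example.com>
From: Pat Chen <pat.chen@example.com>
To: finance@example.com
Subject: Lunch on Friday
Content-Type: text/plain

Shall we do the team lunch on Friday?
"""

if __name__ == "__main__":
    for name, raw in (("BEC", MSG_BEC), ("OK", MSG_OK)):
        print(name, evaluate(raw) or ["no indicators"])
```

Two design points matter here. A domain that exactly matches a protected domain (after case-folding) is never reported as a lookalike, so the genuine `example.com` produces no tag; only spellings that differ yet collapse to the same skeleton, or sit within one edit, are flagged. And the capital-I mapping runs before case-folding: folding first would turn `exampIe.com` into `exampie.com` and the substitution would be lost. In a real deployment the returned tags would drive the banner text the user sees rather than being printed.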


How Can Visual Security Cues Protect My Organization?

Visual cues are an important reminder and safeguard against BEC attacks. If, for example, an email purports to be an internal message from the CEO but a visual indicator shows it did not come from a matching internal account, that should give the recipient pause before acting on it.

Ultimately, it is up to the recipient both to understand what these visual cues mean and to know what to do when they receive an alert. InfoSec Institute’s SecurityIQ is a role-based security awareness training platform with extensive anti-phishing and awareness training tools. The platform features over 1,300 security awareness training resources, including industry-specific modules to help you stay ahead of the unique threats facing your sector.

InfoSec Institute just added a series of new BEC awareness training tools to SecurityIQ, which include:

  • 20 BEC phishing templates: Use these templates to send your employees realistic attack simulations to increase their awareness of BEC attacks. Attack methods simulated include fraudulent wire transfer and payroll data requests.
  • BEC simulation reply tracking: This new feature tracks all replies to your BEC simulations, helping you identify vulnerable employees who need additional security awareness training.
  • Sensitive data detection: SecurityIQ reply tracking also includes pattern recognition, allowing you to determine what type of data your employees shared in failed simulations.
  • BEC awareness training module: This interactive module describes what BEC scams are, outlines the risks of BEC attacks and provides suggestions for BEC scam defense.

To request a free 30-day SecurityIQ trial, visit or call 866.471.0059.


Stephen Moramarco is a freelance writer and consultant who lives in Los Angeles. He has written articles and worked with clients all over the world, including SecureGroup, LMG Security, Konvert Marketing, and Iorad.