Cloudflare Docs
Cloud Email Security (formerly Area 1)
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)

Business email compromise (BEC)

Attackers often try to impersonate executives within an organization when sending malicious emails (with requests about banking information, trade secrets, etc.).

The Business email compromise (BEC) feature protects against these attacks by adding an attribute to any spoofed email messages matching these sensitive email addresses. Information about key users you enter in the dashboard is used by Cloud Email Security to run enhanced scan techniques and find these spoofed emails.

​​ Setup

You have several options for adding email addresses to BEC protection.

​​ Using the dashboard

Using the dashboard, you can add email addresses individually or upload a CSV file:

  1. Log in to the Cloud Email Security dashboard.
  2. Go to Settings (the gear icon).
  3. On Email Configuration, go to Enhanced Detections.
  4. Select New Display Name.
  5. Enter an email address manually or upload a CSV file.

​​ CSV uploads

You can also upload a CSV file of multiple email addresses. The CSV file must be smaller than 150 KB, start with a header row of all required values, and contain no additional fields.

An example file would look like this:

Display_Name, Email
Star Phish, star@nophish.com
Phish Ee, phishee@nophish.com

​​ Integrating a directory

If you want your BEC contacts automatically synced, Cloud Email Security also supports directory integration for Microsoft and Gmail. Refer to Office 365 directory guide and Google Workspaces directory integration for more information.

​​ Review threats

Cloud Email Security’s dashboard has at-a-glance insights regarding BEC attacks, such as top email addresses targeted. Refer to Statistics overview and Types of malicious detections for more information.