BEC reporting updates

When did it become summer?? It just crept up on us! You see, we’ve been working hard to ensure something much more nefarious doesn’t creep up on you – and that’s BEC. Read on to learn more about the snazzy updates we made to our BEC findings report. And remember to wear sunscreen. It’s getting hot out there.


BEC reporting gets a new look

Business email compromise (BEC) is a sophisticated, email-based scam that targets organizations and individuals everywhere in the world. And it happens a lot. In fact, October 2013 to May 2018 saw nearly 79K domestic and international BEC incidents from across some 150 countries. The threat actors behind these campaigns are no longer the Nigerian princes of yore, but savvy criminals intent on tricking even the most adept internet users. Let’s just say – it’s kind of a big deal.

Over the years, our SOC has observed perpetrators reusing certain techniques to gain and maintain access to victims’ mailboxes – and we want to share those tricks of the trade with you. That’s why we’ve revamped our BEC findings report in Workbench to give you the information you need when you need it. Updates like our new TL;DR section, Alert-to-fix timeline, login activity map and hours user login graph ensure we’re getting you the answers you need during any BEC incident you may face.

Improvements to alert disposition stats

We’ve made improvements to our alert disposition stats on the Alert Detail view so younow have the ability to compare stats at an organization level, as well as the previously available global stats.

Other enhancements

  • We added a custom date range selector to the Incidents and Investigations pages to give you more control over which investigations and incidents you’re looking at.
  • When investigations are closed, Workbench adds the closed reason to our “Comments” section as an “Investigation Close Comment”. Now, changes to the investigation closed reason will be added to the “Investigation Close Comment” as well.

Other fixes (plus a few odds and ends)

  • We fixed an issue on the Alert Analysis dashboard that disabled partial functionality of the custom date range selector.
  • We’ve fixed an issue that caused loading problems with alert disposition stats in Workbench.
  • We fixed an issue that prevented users from being able to create more than one File Upload investigative action without refreshing the page.
  • We fixed an issue that restricted the Alert Analysis dashboard from surfacing data related to critical alerts under the Expel Alerts tab.
  • We fixed an issue with our error messaging when users attempt to save investigations with long titles.
  • We fixed wonky button display behavior on the Findings page.
  • We fixed a few copy and styling concerns on the Alert Analysis dashboard.