Solution

Business Email Compromise protection that does not depend on a guess.

Business Email Compromise is the highest-loss email attack class on the FBI's books. Internet Crime Complaint Center 2024 figures put BEC losses at $2.7 billion across reported incidents, and the average data-breach incident in IBM's Cost of a Data Breach Report runs $4.88 million. The attacks that drive those numbers tend to share one structural property: a stranger sends a request that looks legitimate, the recipient acts, and the funds move. Rythm changes the structural property. Senders you know walk in. Senders you do not pay a small cover charge first or wait in line for your review. A spear-phishing campaign that has to put four cents per recipient on the line stops being mass economics and starts leaving payment trails. Rythm runs on top of your existing Gmail or Outlook with no MX changes.

The standard play.

The standard BEC defense layers email authentication (SPF, DKIM, DMARC), content classifiers tuned for impersonation patterns, awareness training, and process controls (callback verification on transfers, dual approval on wires). Enterprise gateways add brand-impersonation detection and quarantine portals. The combination works in practice when followed. The failure modes are familiar: a polished fake from a fresh domain bypasses the classifier, the user does not call back because the message reads like the executive they hear from every week, the wire goes out, the attacker disappears.

Where it falls short.

  • Authentication catches obvious spoofing. A real account that has been compromised passes authentication.
  • Content classifiers struggle with AI-generated impersonation that uses real project names and real internal context.
  • Awareness training depends on the user pausing to verify, every time, on every consequential request.
  • Brand-impersonation detection is a content classifier. The arms race favors the attacker.
  • Quarantine portals add a second inbox most users never check.

Rythm’s approach.

Three things change when the protection is economic instead of probabilistic.

Mass spear-phishing breaks at four cents.

BEC at scale depends on near-zero sending cost. A campaign hitting 100,000 inboxes at four cents apiece is $4,000. The economics flip well before that.

Fresh-domain impersonation hits the door.

An attacker imitating a known contact from a different domain is, by definition, a sender not on your guest list. The cover charge applies, the message gets a label.

No model-guess gap.

Rythm does not try to read the message and decide if it is fake. It asks a binary question. Real first-time senders pay; the message arrives labeled as paid.

What Rythm doesn’t do here.

Rythm cannot stop BEC originating from a known contact whose account has been compromised. If your accountant's email is taken over, the attacker is on your guest list by inheritance. The right control there is process verification: callbacks on wire instructions, dual control on outgoing transfers, written confirmation of account changes. Rythm is the structural layer that gates the strangers and adds friction to fresh-domain impersonations. It does not eliminate the need for verification procedures on real transfers. Treat it as a layer that reduces volume and forces payment trails, not as the only line of defense.

One plan. One price.

Keep your existing Gmail or Outlook. Cancel anytime.

$1.65 per month

Annual on Lightning includes one bonus month.
