Phishing and business email compromise (BEC) attacks continue to accelerate globally at staggering rates. Criminals are utilizing a new class of targeted, identity-based phishing attacks to evade existing email filters and gateways, which focus solely on detecting “what” emails may contain. While these solutions are largely effective at uncovering suspicious links, attachments, keywords, and behaviors, they fail to discern whether the senders themselves can be trusted — “who” the emails come from — which is the most fundamental giveaway that the email is fraudulent.