Since 2016 the global financial loss from email impersonation scams, precisely Business Email Compromise (BEC), is more than $26 billion, according to the FBI’s public service announcement in September 2019. Because email impersonation and email spoofing are a growing threat, an email security tools solution must be able to detect and block these types of email attacks effectively.
Early Indications Of An Email Impersonation Attack
Email impersonation attacks are typically malware-free attacks conducted by social engineering to gain the confidence of an unsuspecting target in the form of business email. It is basically a phishing technique used by cybercriminals. An attacker might research a target online, gathering information from online sources or from your company website that, when combined with content written by the attacker, can lend authenticity to a forged email. An email request appears to come from a legitimate business email address, usually a high-level company executive (which is why sometimes it’s called CEO fraud). There are a few things, however, that point to a potential impersonation of emails (a fake email address):- An urgent and possibly threatening tone.
- An emphasis on confidentiality.
- An unusual request to transfer money or share credentials, bank account information, or acces to other sensitive data.
- Urgent requests for company intellectual property information
- Keyword-based protection often catches emails where the sender’s email address or sender name matches those of critical executives (and other related keywords).
- Security awareness training educates employees about what spoofed messages and impersonation emails look like, how to tell a false email address from a legitimate email address, what can be done to prevent impersonation attacks, and the kind of damage that a successful attack can cause.
- Anti-impersonation solutions scan email for signs of malware-less, social engineering-based attacks that are most commonly associated with impersonation. These may include anomalies of email headers, domain similarity (an inauthentic top-level domain to imitate a company’s main root domain by using replacement characters), sender’s address spoofing, suspicious activity and suspect language in the content of emails.
- Security software scans and filters every link and attachment in every email, blocking users from clicking on malicious links, visiting URLs or opening attachments that may be malicious.
- Encrypt all emails to business partners.
- Enable DNS authentication services use DKIM, SPF, and DMARC protocols to identify legitimate sender address or domains located in the email header.
Trustifi customized inbound rules for advanced protection
Multi-layer Email Security Defense System
Trustifi’s Inbound Shield™ uses multiple layers of protection to ensure all potential threats are detected and treated according to administrator-specific preferences. For example, links and attachments are scanned in a sandbox environment. At the same time, the Artificial intelligence engine analyzes the email’s content to verify if the email is spam, graymail, phishing, BEC, or any other type of unwanted email. In-bound scanning services look deep within the email addresses, email server, attachments, email messages, and headers for any compromising lures, extortion attempts, or requests to the recipient to download malicious packages, including malware, APTs, and rootkits. Trustifi’s solutions help reduce the victim attack surface by identifying and neutralizing the following attack vectors:- Phishing scams
- Spoofing (scam messages coming from forged addresses)
- Impersonation attacks
- Business Email Compromise (BEC attacks)
- Reverse Social Engineering