How Email Fraud Tactics Continue to Find New Life

Almost as soon as email became widely used, crooks and scammers began using it as a means to defraud people. In today’s world, malicious fake emails continue to be a huge problem for individuals and businesses. Businesses make lucrative targets Losses due to BEC scams are escalating, and criminals are targeting organizations with emails that, more...

Almost as soon as email became widely used, crooks and scammers began using it as a means to defraud people.

In today’s world, malicious fake emails continue to be a huge problem for individuals and businesses.

Businesses make lucrative targets

Losses due to BEC scams are escalating, and criminals are targeting organizations with emails that, more often than not, foil conventional email security solutions because they do not carry malicious payloads or links.

The problem stems from the fact that it’s easy to spoof senders or compromise email accounts.

It is also compounded by the fact that, especially in the business environment, users get a lot of emails, focus and attention fluctuates throughout the day, and attackers are always trying out new tricks to get past defenses put in place by companies.

“Historically, most email protection vendors, specialists, and anti-spammers assumed that simply ‘setting the right rules’, ‘refining the engine’, signature-based scanning and blacklist references are enough to stop the vast majority of the threats that come through email,” says Vircom CEO Mike Petsalis.

That strategy is not enough, he notes, as clients then risk being tricked by the unexpected threats. And these threats are not necessarily new, but simply variations on a theme that an organization might not expect.

Constant evolution of threats

Attackers are perpetually tweaking the emails with which they hope to snare targets.

They employ spoofing and urgency tactics in different iterations to achieve different ends: phish credentials, deliver malware, steal data or money.

Emails are made to look like standard, legitimate payment requests, invoices, document delivery emails, alerts urging “account verification” because emails ostensibly can’t be delivered, urgent requests apparently coming from their colleagues and superiors, and so on.

email fraud tactics new life
Email tactics

“Taken together, these represent complex iterations of threats that steepen the learning curve for most filters, because they defy the basis of inbound email having what is on its surface a malicious link, attachment, or even any threat whatsoever beyond a request for a reply to an email,” Petsalis explains.

email fraud tactics new life
Email tactics

That last example is why rule-based or signature-based filtering can’t ever work perfectly.

“In the above ‘benign conversation-starter’ case, the sending of the email is unlikely to have been automated as the display name was a specific high-authority user within the organization,” he comments.

“It all points to a highly targeted attack that relies on the user getting duped into thinking they’re talking with the actual person. This is an attempt to start an email conversation which, after the first reply, will likely request some data, a fund transfer, or the sharing of a malicious link. With the reply, the likelihood of filtering is again reduced.”

Choosing the right solution

Fortunately, more and more providers are now taking the approach that analysis of unique and individual threats by human experts (like Vircom’s own) is necessary to understand the real angles of attack individuals and groups use to achieve fraudulent goals.

“This leads to unique real sets that adapt and evolve along with threats, rather than simply trying to ‘outrun’ them with perfect, broad based, pure-machine filtering,” Petsalis notes.

“While programmatic intelligence is necessary to filter the vast majority of email threats, granular threat analysis is also required by email protection vendors to continue adapting to the clever tactics of email fraudsters.”

Vircom protects against email fraud with protection against fraudulent attachments (via cloud-based threat intelligence) and spoofing tactics (through Display Name Phishing Protection, which allows high-authority users within organizations to be specified and extra measures taken against imposters posing as them).

The company merges the scanning of all layers to ensure maximum accuracy and limited false positives but does not depend more on any one basis of threat intelligence (and its inherent biases) compared to another, providing complete cloud-based, up-to-the-minute email security for its clients and partners, as well as integrations for tools like ConnectWise Manage that enable managed services providers to better deliver this kind of solution.

Source: www.helpnetsecurity.com