A couple of years ago, a new type of fraudulent email became prevalent. It didn’t have any links to phishing pages, nor did it carry a malicious payload. It just asked an innocuous question. “Hi Mary, Are you at your desk?” And so began the long-running saga of Business Email Compromise, or CEO fraud.
With CEO fraud, the attacker impersonates a senior member of staff to initiate a conversation. These short messages are less likely to raise red flags for the recipients, and so they will likely reply. If this communication goes the way of the attacker, it will eventually result in a financial transaction, the changing of bank details for a payment, etc. In the end, the fraudster receives money from the unwary organization, and the organization is left confused as to what happened.
This method of fraud has become so successful that it has started morphing into a main strategy for all malicious emails, including general credential phishing emails, and emails with attachments containing malicious links or malicious macros that lead to a malware infection. Why is this tactic so successful? Because an impersonation email carries a lot more emotional weight for the recipient. Simply put, they find it hard not to comply with the wishes of their (fake) boss. This is one of the many reasons why malicious emails have a much higher open rate than marketing emails. In fact, in our experience of testing phishing reactions from customers, the response rate is 10 times higher.
Blocking Impersonation-based Emails
Many factors need to be taken into account when looking to block impersonation-based emails. This means turning to a range of tools that distinctly map to user behaviors. For example, some of these emails are targeted at the 60 percent of users who open their email on their smartphone. The fraudster uses what we call the Friendly Display Name, which is the Mike Smith part of Mike Smith <firstname.lastname@example.org>. This is the only part that will appear on a mobile device, and it is easily forged. More detailed information on approaches to combatting these threats can be found in our Impersonation Attacks webinar.
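One way a mail filter can check the Friendly Display Name against the address behind it, shown as an added example that is not FireEye's code or part of the original post. The directory contents, the corp.example and freemail.example domains, and the function names are assumptions made for illustration.

```python
import unicodedata
from email.header import decode_header, make_header
from email.utils import parseaddr


def name_key(display_name):
    """Fold a display name so case, spacing, "Last, First" order and
    Unicode compatibility look-alikes all compare equal."""
    text = unicodedata.normalize("NFKC", display_name).casefold()
    return " ".join(sorted(text.replace(",", " ").split()))


# Constructed directory (assumption): protected senior staff and the only
# addresses they legitimately send from.
PROTECTED = {
    name_key("Mike Smith"): {"mike.smith@corp.example"},
}


def check_from(from_header):
    """Classify a From header: 'legitimate', 'spoofed-display-name',
    or 'not-protected' when the name is not in the directory."""
    raw_name, address = parseaddr(from_header)
    # Display names may arrive as RFC 2047 encoded words; decode before comparing.
    name = str(make_header(decode_header(raw_name))) if raw_name else ""
    allowed = PROTECTED.get(name_key(name))
    if allowed is None:
        return "not-protected"
    return "legitimate" if address.casefold() in allowed else "spoofed-display-name"


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Mike Smith <mike.smith@corp.example>",
    "Mike Smith <ceo.office1@freemail.example>",
    '"Smith, Mike" <mike.smith@c0rp.example>',
    "=?utf-8?q?MIKE_SMITH?= <m.smith@freemail.example>",
    "Mary Jones <mary.jones@corp.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_from(header):22} {header}")
```

Because the display name is free text, a message from a look-alike or freemail domain can pass SPF, DKIM and DMARC for that domain and still show the protected name, which is why the name itself has to be compared.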
Luckily, FireEye tracks the evolving threat landscape to help ensure our email security solutions evolve at the same rate of change as the attackers. And checking customer email for all varieties of forged or impersonation tactics is just a part of what we do.
Email Security at Scale
FireEye Email Security is powered by Oracle Cloud Infrastructure to help handle the large volumes of email that need to be protected from this type of malicious tactic via a predictable per-user subscription model. Oracle Cloud Infrastructure was created to provide an infrastructure that matches and surpasses the performance, security, control, and governance of enterprise data centers, while delivering the scale, elasticity, and cost-savings of public clouds. Providing email security as a cloud service helps to provide a better and more resilient service that customers can depend on to protect their users from a multitude of email threat vectors, including CEO fraud and other impersonation varieties.
Check out FireEye Email Security on the Oracle Cloud Marketplace, give it a test drive today, or come by the FireEye Lounge #4323 at Oracle OpenWorld in San Francisco, from Oct. 22 to Oct. 25, and speak with one of our experts.