Can you foresee how phishing attacks will evolve in the coming years? According to a cybersecurity study recently published by Gartner, phishing attacks are escalating and will continue to increase in the near future. However, most secure gateway vendors are not well prepared to meet the challenges of more advanced phishing.
As we all know, phishing attacks generally take three forms:
(1) Malicious attachments
(2) Malicious web links
(3) Impersonation or BEC (Business Email Compromise) attacks
Growing trends towards BEC
Although most email security solutions help mitigate phishing attacks delivered as malicious attachments or malicious web links, impersonation or BEC is barely detectable by some secure email gateways. Therefore, phishers increasingly use BEC to evade traditional defense solutions.
If you have read our article on BEC, you will know that BEC targets firms that conduct wire transfers and have suppliers abroad. Rather than employing a payload such as a URL or an attachment, a BEC scam uses “impersonation and knowledge of the company structure or common transactions.” In this way, scammers convince employees “to wire money or data”, or furtively change bank account information “for pending payments.”
Some security solutions not strong enough to fight BEC
According to the FBI's yearly internet crime report, BEC resulted in losses reaching a whopping $1.3 billion in 2018, and those losses have doubled year on year. Despite the huge losses caused by BEC, some security solution providers are not equipped with state-of-the-art technology to authenticate sender identity. Worse still, email authentication methods like DMARC (Domain-based Message Authentication, Reporting & Conformance) can neither fully authenticate email users nor identify spoofing from cousin domains (similar-sounding or look-alike domains) or from consumer email accounts such as Gmail.
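Because a look-alike domain or a consumer mailbox can pass DMARC for its own domain, a gateway has to compare the sender against the domains and names the organisation already trusts. The following Python is an added example, not code from this article or from any product it mentions; the domain lists, protected names, homoglyph table and distance threshold are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data (assumptions): the organisation's own and supplier
# domains, staff names worth impersonating, and consumer mail providers.
TRUSTED_DOMAINS = {"example.com", "supplier-example.net"}
PROTECTED_NAMES = {"alice chen", "bob marsh"}
CONSUMER_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}

# Digits commonly swapped for letters in look-alike domains (illustrative subset).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(domain: str) -> str:
    """Fold digit homoglyphs and the 'rn' for 'm' trick so look-alikes compare equal."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m")


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'cousin-domain', 'display-name-impersonation' or 'unknown'."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        # Threshold of 2 edits is an assumption; tune it against real traffic.
        if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= 2:
            return "cousin-domain"
    # A protected staff name arriving from a consumer mailbox is a BEC signal
    # that DMARC cannot raise, because the consumer domain authenticates correctly.
    if name.strip().lower() in PROTECTED_NAMES and domain in CONSUMER_DOMAINS:
        return "display-name-impersonation"
    return "unknown"
```

The verdict should feed a quarantine or banner decision alongside the DMARC result, not replace it, since exact-domain spoofing is still what DMARC catches.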
Anything we can do with the hot potato?
Realizing that BEC attacks, which appear less overtly malicious, are difficult to detect and that most technology companies are not responding fast enough to the new challenges, you may frown and ask, “So we can do nothing but fall victim to BEC attacks?”
Absolutely not. There are still solutions for preventing impersonation attacks, such as that provided by Mr. Post. Mr. Post unveils the “Real Senders” of your emails and inspects links in your emails, which helps reveal possible BEC.