When it comes to securing their email, the most crucial question every organization needs to ask itself is: do my users know how to distinguish between a legitimate email and an email threat? Some businesses can invest heavily in security architecture; however, many cannot. In a landscape of differing technical security, the one common denominator is end-users. Here are the email threats most difficult for users to detect:
Business Email Compromise
Business email compromise is when someone impersonates an individual within, or with close ties to, an organization to obtain something of value. These attacks hope to dupe the victim into handing over money, log-in credentials, or other sensitive data.
Why it’s hard to detect
Typically, these emails are crafted to appear to come from a known person’s email account and include an urgent request. They want the recipient to think, “this person is in a rush, and they need my help.” Adding an indicator that the message was sent from a mobile device makes it more likely that the recipient will overlook typos or odd formatting. Often, individuals don’t know their co-workers’ or managers’ legitimate personal email addresses, so if the name looks correct in the header and signature, they don’t question it.
Conversation hijacking
This type of attack happens after a bad actor has already gained access to an internal account. They insert themselves into a legitimate conversation thread by spinning up a lookalike domain and effectively removing the compromised party – isolating the email thread to just the hacker and their new victim.
Why it’s hard to detect
The victim has already established a rapport with a legitimate correspondent — this might be someone they email regularly, maybe even someone they’ve talked with over the phone or met in person. Sometimes the only clue is a very subtle difference in the email address or domain of the compromised party. If the recipient of the conversation hijacking email is on their mobile device, distracted, or not in the habit of double-checking an email sender’s FROM address, they can easily fall victim to this type of attack.
Brand impersonation
There are two types of brand impersonation: service impersonation and brand hijacking. Service impersonation is when a hacker impersonates a commonly used application to coax users into re-entering log-in credentials or other personal information. Brand hijacking is when a hacker uses a spoofed domain to simulate a reputable company.
Why it’s hard to detect
Users have become accustomed to receiving legitimate emails from applications prompting them to re-enter their credentials. Requests from Microsoft 365, Amazon, and Apple asking users to confirm their identities, reset their passwords, or agree to new service terms are commonplace in many user inboxes. So, most don’t think twice before clicking links that ultimately send them to phishing sites.
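The three sections above all come down to two sender-side clues that a distracted user misses: a familiar display name sitting on an unfamiliar address (business email compromise) and a sender domain that is almost, but not quite, a domain the organization trusts (conversation hijacking and brand hijacking). The following is an added example, not code from the original post and not Centrality’s product: a small Python triage check that a mail-security or awareness team could run over incoming From: headers to surface exactly those two clues for review. The protected-domain list, the contact directory and the sample headers are constructed assumptions, and the substitution table and edit-distance threshold are deliberately permissive heuristics meant to flag for a human rather than to block.

```python
from email.utils import parseaddr
from typing import List, Optional

# Constructed sample data (assumption, not from the original post): the domains the
# organization trusts mail from (its own, a partner's, and a brand it expects mail
# from) and a directory of known people with their legitimate addresses.
PROTECTED_DOMAINS = {"example.com", "partner-example.org", "microsoft.com"}
KNOWN_CONTACTS = {
    "jane doe": "jane.doe@example.com",        # executive, a common BEC target
    "bob vendor": "bob@partner-example.org",   # regular external correspondent
}


def normalize_domain(domain: str) -> str:
    """Fold common look-alike substitutions so 'exarnple' and 'examp1e' read as 'example'."""
    d = domain.lower().strip()
    d = d.replace("rn", "m").replace("vv", "w")   # letter pairs that render like one letter
    return d.translate(str.maketrans("01", "ol"))  # digits used in place of letters


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str) -> Optional[str]:
    """Return the protected domain this sender domain imitates, or None if it is
    a protected domain (or a subdomain of one) or resembles none of them."""
    domain = domain.lower()
    if domain in PROTECTED_DOMAINS or any(domain.endswith("." + t) for t in PROTECTED_DOMAINS):
        return None
    for trusted in sorted(PROTECTED_DOMAINS):   # sorted so results are deterministic
        sld = trusted.split(".")[0]               # 'example' from 'example.com'
        if (normalize_domain(domain) == normalize_domain(trusted)
                or edit_distance(domain, trusted) <= 2
                or sld in domain):                # e.g. example.com-login.net
            return trusted
    return None


def assess_sender(from_header: str) -> List[str]:
    """Flag the two indicators described in the post: a known display name on an
    address that is not that person's (BEC) and a look-alike sender domain
    (conversation hijacking, brand hijacking). Empty list means nothing suspicious."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if not addr or "@" not in addr:
        return ["unparseable-from-header"]
    findings = []
    domain = addr.rsplit("@", 1)[1]
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr != expected:
        findings.append(f"display-name-mismatch: '{name}' expected {expected}, got {addr}")
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"lookalike-domain: {domain} resembles {imitated}")
    return findings


# Constructed sample From: headers (assumption) covering each scenario in the post.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@example.com>",                        # legitimate
    "Jane Doe <jane.doe.ceo@gmail.com>",                      # BEC: right name, personal address
    "Bob Vendor <bob@partner-exarnple.org>",                  # hijacked thread: 'rn' posing as 'm'
    "Account Security <no-reply@examp1e.com>",                # service impersonation: digit 1 for l
    "Microsoft 365 <security@microsoft-account-verify.net>",  # brand hijacking
    "IT Helpdesk <help@mail.example.com>",                    # legitimate subdomain, not flagged
]

if __name__ == "__main__":
    for hdr in SAMPLE_HEADERS:
        print(hdr, "->", assess_sender(hdr) or "ok")
```

Running the block prints one line per sample header; the first and last come back clean, the others carry the finding strings. A check like this belongs at the mail gateway or in a reporting add-in, where its output can be shown to the user as a banner or routed to the team that reviews reported phish.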
Our Solution
Users who receive consistent training on threat types — how they function, how to identify them, and how to report them — are much less likely to fall victim to them. Centrality’s security training equips organizations with practical security awareness training to test their users, analyze user behavior patterns, and train individuals and departments on security best practices. Contact us at 502.262.2552 to learn more about how we can help your business stay safe from cyberattacks.