Email security company Mimecast recently released its Email Security Risk Assessment, and found that email account hijacking is the fastest-growing threat vector. Also known as impersonation attacks, email account hijacking allows an attacker to impersonate the person whose account has been compromised. This is the vehicle used in wire transfer fraud, invoice fraud, and other financial frauds. Some of the statistics in the report were enlightening. From a batch of 56 million emails that were analyzed:
- 12 million were spam
- 9055 contained infected file attachments
- 2535 contained malware
- 18971 were impersonation attacks from legitimate but compromised email accounts.
The last number represents a 50% increase over the previous quarter, which is not terribly surprising when you consider that email account hijacking and related wire transfer and financial frauds have become the most popular and most profitable exploits of cyber-criminals.
As we discussed last week, emails from hijacked accounts usually slip past most spam and phishing filters. This requires more diligence on the part of the recipient. Defenses include:
- Run phishing simulation exercises against your own staff. Better include some simulated emails from the CEO, too.
- Train your staff about this threat, and include some actual examples in the training.
- Watch for changes in things like word choice, style, formality, syntax, and construction. People tend to be consistent in how they write email, and a change in those habits can be a tip-off. We have heard about one instance where the sender with the hijacked account typically used an informal or familiar style, and always used an emoji in her emails. The fake email with a payment request was caught by the recipient because the email was overly formal and did not have an emoji.
- When in doubt, confirm the email with the actual sender, preferably via a phone call. Replying by email to a hijacked account will not be effective.
- Teach your staff to confirm all requests for wire transfer or invoice payment.
This is likely to be a bigger problem in 2018 than it was last year. So be on your guard for these attacks.