Email security company Mimecast recently released its Email Security Risk Assessment and found that email account hijacking is the fastest growing threat vector. Also known as impersonation attacks, email account hijacking allows an attacker to impersonate the person whose account has been compromised. This is the vehicle used in wire transfer fraud, invoice fraud, and other financial frauds. Some of the statistics in the report were enlightening. From a batch of 56 million emails that were analyzed:
- 12 million were spam
- 9055 contained infected file attachments
- 2535 contained malware
- 18971 were impersonation attacks from legitimate but compromised email accounts.
The last number represents a 50% increase over the previous quarter, which is not terribly surprising when you consider that email account hijacking and related wire transfer and financial frauds have become the most popular and most profitable exploits of cyber-criminals.
As we discussed last week, emails from hijacked accounts usually slip past most spam and phishing filters. This requires more diligence on the part of the recipient. Defenses include:
- Run phishing simulation exercises against your own staff. Better include some simulated emails from the CEO, too.
- Train your staff about this threat, and include some actual examples in the training.
- Watch for changes in things like word choice, style, formality, syntax, and construction. People tend to be consistent in their email habits. Changes in these habits can be a tip-off. We have heard about one instance where the sender with the hijacked account typically used an informal or familiar style, and always used an emoji in her emails. The fake email with a payment request was caught by the recipient because the email was overly formal and did not have an emoji.
- When in doubt, confirm the email with the actual sender, preferably via a phone call. Replying by email to a hijacked account will not be effective.
- Teach your staff to confirm all requests for wire transfer or invoice payment.
This is likely to be a bigger problem in 2018 than it was last year. So be on your guard for these attacks.
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com