Combating Business Email Compromise with Machine Learning & Artificial Intelligence
Email is a tad over 40 years old. Back then, probably no one imagined that something meant to be a convenient and ubiquitous form of digital communication would also be used for abusive activity such as phishing, spam and fraud. Judging the lonely and disenfranchised for being lured into a romance scam is unjustified. Email wasn't originally created with built-in security protocols, and the assumption that an employee is also an email fraud detection expert is unrealistic. Email scams were, and still are, real!
Email security began to emerge as a risk management issue about a decade ago. Back then, security companies simply tried to build thicker "security walls". That approach was adequate until email scammers became wiser and began to evolve their tactics. Email is still an important form of communication today, even with the rise of texting, instant messaging, Slack, etc. Irrespective of its popularity, there's still some lack of proper email authentication. This is why email is still abused, and still vulnerable to abuse.
Attacks carry malicious URLs and attachments, spam and viruses, as well as scattershot credential-phishing campaigns; all of them deliver malicious content to unwitting victims. A great example is a PayPal phishing email sent to an unsuspecting recipient!
The tech industry responded by creating "secure email gateways" (SEGs), which focus on stopping attacks by looking for abusive content in email, based on "fingerprints", heuristics, data intelligence, machine learning, and more. The premise behind this security technology was to identify what "bad" email looked like and, in turn, protect companies, consumers, you name it. As a result, an entire technology architecture was mapped out and evolved.
Cybercriminals continuously try to figure out ways to sneak around these technologies, coming up with new attack techniques that look legitimate amongst trillions of "good" emails. The tech industry keeps pace with advanced threat protection solutions that leverage malware sandboxes and new forms of dynamic analysis, still with the intent to identify and counter bad actors. But note: bad actors continuously adapt their tactics as the email security industry evolves.
Next-gen attacks continue to grow more sophisticated and more targeted by using identity deception techniques. These attacks include spear phishing, business email compromise (impersonation of an executive, trusted vendor, etc.), email account takeover, etc.
A compromised account is the ultimate form of identity deception: the scammer sends from, and manipulates, the owner's actual mailbox. The attacker can see everything in the account owner's inbox, and that access gives the attacker the context to craft authentic-looking emails directing people to unknowingly do things like divert payroll information or transfer funds via wire. Ultimately, the attacker can monetize the account owner's inbox, or even move within an organization to execute a data breach.
Throughout 2019, such attacks rose by about 35 percent, making the use of compromised accounts a fast-growing impersonation technique. When an attacker compromises an internal account at a business organization, he or she can spread malicious emails and move from employee to employee within the organization, either to execute a data breach or to attack vendors and suppliers, and vice versa.
Winning the battle waged by scammers…