sb-au logo
Story image

Email fraud attacks take fast and furious approach to their business targets

22 May 2018

Socially-engineered email fraud attacks are becoming ever more frequent as criminals opt to conduct fewer mass attacks and instead hit specific organisations more frequently.

New research from Proofpoint’s analysis of thousands of organisations in Q1 2018 found that 90% were targeted by email fraud in the quarter.

Email fraud attacks also rose 55% compared to the previous quarter, and 103% year-over-year.

Overall, the average number of emails targeting a specific firm in Q1 totalled 28 – a 36% increase over the previous quarter and a 28% increase year-over-year.

Organisations of all sizes and verticals in all countries are at risk, Proofpoint says. The most commonly targeted vertical in Q1 was the real estate industry as fraudsters seek to take advantage of high-value, time-sensitive transactions.

“We found no statistical correlation between the size of the company and how frequently it was targeted by email fraud. While larger organisations may be richer targets, small companies may be more vulnerable,” Proofpoint says.

Fraudulent emails rely on similar tactics to those used in the past: the top three subject lines included ‘request’, ‘payment’, and ‘urgent’. Proofpoint notes that these words align with the fact that wire transfer scams are the most common form of email fraud.

Fraudsters are also spoofing an average of 13 identities and targeting 17 people within a given organisation.

“Email fraud has truly become a multi-dimensional problem as 41% of companies had more than 5 people’s identities spoofed and more than 5 people targeted,” Proofpoint notes.

In Q1, 98.42% of email attacks uses ‘display name’ spoofing as part of their attacks. More than half (53%) of the fraudulent emails were sent from webmail accounts such as Gmail.

Attackers also used domain spoofing for 27% of all email fraud attacks. This is where an attacker hijacks an organisation’s trusted domain.

“Lookalike domains, or cousin domains, represented 4% of the domain types used in Q1. Of these attacks, the most common technique used was to swap individual characters (i.e. replacing a “5” for an “s” or a “0” for an “o”). Other leading techniques included adding or removing the leading/trailing characters (i.e. adding an “s” at the end of a domain) and inserting an additional character (i.e. using “rn” to replace “m”),” Proofpoint states.

Proofpoint says that business email compromise fraud cost organisations more than $675 million in 2017.

Proofpoint’s advice for protecting against email fraud:

  • Email fraud continues to rise at unprecedented rates. Cybercriminals can leverage multiple tactics to try and evade detection, leaving your employees, customers, and business partners as the last line of defense. Organisations need to solve this problem with multiple layers of security that include:
  • Dynamic classification. Analyse the content and context of the email and stop display name and lookalike domain spoofing at the email gateway.
  • Email authentication. Validate the identities of email senders that use an organisation’s trusted domains and instruct the gateway what to do with messages that fail authentication.
  • Lookalike domain monitoring. Identify and flag potential risky domains outside of your control.
Story image
Fortinet’s ‘zero trust’ approach redefining security
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains why taking a ‘zero trust network access’ approach to cybersecurity requires fully-integrated and comprehensive security services and policies.More
Story image
Proofpoint launches new SMB focused security awareness training
Proofpoint has launched security awareness training for small to medium businesses (SMBs) with the aim of reducing successful phishing attacks and malware infections to almost zero. More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
How security awareness training can safeguard companies from cyber-attacks
Training goes a long way in embedding a culture of cybersecurity compliance within the company.More
Story image
Global attack volume down, but fraud and cyber threats still going strong
“The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry."More
Download image
Network functions virtualisation: What is is, how to use it, and why it matters
Network functions virtualisation (NFV) is fast becoming the go-to method of simplifying corporate networks from planning, through deployment and management.More