Use Case: BEC - Executive Impersonation
Watch the video to see how Abnormal detects impersonated employees and blocks attacks from those users.
Abnormal prevents sophisticated socially-engineered attacks that lack traditional indicators of compromise and evade secure email gateways.
A typical example of impersonation we often come across is someone pretending to be a high-ranking executive, such as a CEO or CFO, by using a free email address or lookalike domain.
This is an email from Jonathan Green, our fictional organization's CFO, to Josh Waters, another internal employee, requesting payment for a vendor. To an unaware recipient, this email appears to be sent from Jonathan Green, a legitimate user in our organization.
But upon further investigation, we can see that this email is being sent from a gmail.com address. Because the message really does originate from gmail.com, and sender authentication validates the sending domain rather than the display name, it will pass standard sender authentication methods such as SPF, DKIM, and DMARC. Additionally, there are no links or attachments in the email, making it challenging for traditional email security providers like secure email gateways to classify this type of email as malicious.
So, how was Abnormal able to detect this type of attack? While this email appears to be from Jonathan Green, a user within the organization, our identity analysis detected that Jonathan Green has never used this email address. The solution also highlighted a behavioral anomaly because of an atypical communication between Jonathan and Josh, and our content analysis detected that the email had a financial request trying to convey a sense of urgency.
Abnormal ingests tens of thousands of signals from your cloud email platform. Our natural language processing models extract key indicators to understand the topics, sentiments, and entities of every message your organization receives. The solution builds a per-user and per-organization profile of normal behavior. This understanding allows us to detect anomalies in relationships, communication habits, and more.
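The three signals described above (identity, behavior, content) can be sketched as a simple header and body check. This is an added illustration, not Abnormal's implementation; the directory, contact history, keyword lists, addresses and sample message are all constructed assumptions.

```python
import email
from email.utils import parseaddr

# Constructed directory: display name -> addresses that person has actually used.
KNOWN_ADDRESSES = {"jonathan green": {"jonathan.green@example.com"}}
# Constructed history: (sender display name, recipient address) pairs seen before.
KNOWN_PAIRS = {("jonathan green", "maria.lopez@example.com")}
# Assumed keyword lists standing in for real content analysis.
FINANCIAL = ("payment", "invoice", "wire", "transfer")
URGENT = ("urgent", "immediately", "today", "asap")

# Constructed sample modelled on the message described above.
SAMPLE = """\
From: Jonathan Green <jgreen.placeholder@gmail.com>
To: Josh Waters <josh.waters@example.com>
Subject: Vendor payment
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass

Josh, I need you to process a payment for a vendor today. It is urgent.
"""

def analyze(raw):
    """Return the individual signals and an overall flag for one raw message."""
    msg = email.message_from_string(raw)
    name, addr = (s.lower() for s in parseaddr(msg["From"]))
    rcpt = parseaddr(msg["To"])[1].lower()
    text = ((msg["Subject"] or "") + " " + msg.get_payload()).lower()
    auth = (msg["Authentication-Results"] or "").lower()
    signals = {
        # Authentication vouches for the sending domain, not the display name.
        "auth_pass": "dmarc=pass" in auth,
        # Identity: a known employee's name on an address they have never used.
        "identity_mismatch": name in KNOWN_ADDRESSES
                             and addr not in KNOWN_ADDRESSES[name],
        # Behavior: this sender name has not written to this recipient before.
        "atypical_pair": (name, rcpt) not in KNOWN_PAIRS,
        # Content: a financial request combined with urgency wording.
        "urgent_financial": any(w in text for w in FINANCIAL)
                            and any(w in text for w in URGENT),
    }
    # Flag when the identity signal is backed by at least one other signal.
    signals["flag"] = signals["identity_mismatch"] and (
        signals["atypical_pair"] or signals["urgent_financial"])
    return signals

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample, `auth_pass` and `flag` are both true, which is the situation the page describes: the message authenticates cleanly and is still an impersonation.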
After detection, Abnormal will automatically remediate the message, eliminating the chance of engagement by recipients.