Use Case: BEC - Executive Impersonation

See how Abnormal prevents sophisticated socially-engineered attacks that lack traditional indicators of compromise and evade secure email gateways.

Watch the video to see how Abnormal detects impersonated employees and blocks attacks from those users.

Video Transcript

Let's take a look at an example that we, and likely you, see quite frequently: an impersonation of an executive using a free email address. As you can see here, it's an email being sent by Jonathan Green, the CFO of our fictitious organization, to another internal employee, Josh Waters. The goal here is to get two checks sent out and create some sort of engagement between the threat actor and the recipient.

We can see here that while this email is coming from Jonathan Green, a real user within our organization, it is coming from this gmail.com address. And since it is coming from gmail.com, it is going to pass all the traditional sender authentication methods like SPF, DKIM, and DMARC. We can also see that this email does not have any links or attachments, making it very difficult to detect for traditional email security providers like secure email gateways.

So how is Abnormal able to uniquely detect this type of attack? Well, through our API integration with Azure Active Directory, we're able to see organizational roles. In this case, Jonathan Green is the Chief Financial Officer, and we see Josh Waters here is the Senior Director of Accounting. Looking at the indicators of how we detected this, we're looking at the identity and we see that of the over 8,000 real emails we've seen from Jonathan Green, none have been sent from this gmail.com address.

Looking further at the behavioral analysis, we see this atypical communication. Josh and Jonathan have never previously corresponded over email. And lastly, looking at the content, we see this urgent financial request. You could see that below, which I have highlighted, we see a request with time sensitivity and it's of a financial nature.

Based on all of these indicators, we are able to accurately detect this attack as being a VIP impersonation. We would automatically remediate this and send this email to the recoverable items folder so it's never accessible to the end user.
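The three signal groups described in the transcript (identity, behavior, content) combined into one rule-based check, as an added example; it is not Abnormal's code or detection model. The directory entries, mail history, keyword lists, addresses, signal names and the `score_message` function are all constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed data standing in for a directory export and mail history.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
DIRECTORY = {  # normalized display name -> (title, known sending addresses)
    "jonathan green": ("Chief Financial Officer", {"jonathan.green@example.com"}),
    "josh waters": ("Senior Director of Accounting", {"josh.waters@example.com"}),
}
VIP_WORDS = ("chief", "president")
PRIOR_PAIRS = {("jonathan.green@example.com", "maria.lopez@example.com")}
URGENT = re.compile(r"\b(urgent|urgently|today|asap|immediately)\b", re.I)
FINANCIAL = re.compile(r"\b(checks?|wire|invoice|payment|transfer)\b", re.I)

def score_message(from_header, to_addr, body):
    """Return (verdict, signals). SPF/DKIM/DMARC results are deliberately not
    an input: a pass for gmail.com says nothing about who owns the mailbox."""
    name, addr = parseaddr(from_header)
    addr, to_addr = addr.lower(), to_addr.lower()
    signals = []
    title, known = DIRECTORY.get(" ".join(name.lower().split()), ("", set()))
    is_vip = any(w in title.lower() for w in VIP_WORDS)
    # Identity: VIP display name on an address never seen for that person.
    if is_vip and addr not in known:
        signals.append("vip_name_unseen_address")
        if addr.rpartition("@")[2] in FREE_MAIL:
            signals.append("free_mail_domain")
    # Behavior: has the claimed identity ever mailed this recipient?
    if not any((a, to_addr) in PRIOR_PAIRS for a in known | {addr}):
        signals.append("no_prior_correspondence")
    # Content: time pressure combined with a financial ask.
    if URGENT.search(body) and FINANCIAL.search(body):
        signals.append("urgent_financial_request")
    hit = {"vip_name_unseen_address", "urgent_financial_request"} <= set(signals)
    return ("vip_impersonation" if hit else "deliver"), signals

# Constructed sample messages.
ATTACK = ("Jonathan Green <jgreen.office@gmail.com>", "josh.waters@example.com",
          "Are you at your desk? I need two checks sent out today.")
ROUTINE = ("Jonathan Green <jonathan.green@example.com>", "maria.lopez@example.com",
           "Please get the invoice payment approved today.")

if __name__ == "__main__":
    for msg in (ATTACK, ROUTINE):
        print(msg[0], "->", score_message(*msg))
```

The routine message shows why the content signal alone is not enough to flag: an urgent financial request from the executive's known address to a regular correspondent is delivered.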
