Use Case: BEC - Scam

Discover how Abnormal stops malicious payroll or other financial requests that appear to come from legitimate senders.

Watch the video to see a real business email compromise scam detected by Abnormal.

Video Transcript

Let's take a look at an example that we, and likely you, see quite frequently: an impersonation of an internal employee using a free email address. All the attacks that you see within our environment are real attacks that we've seen within customer environments with the data anonymized.

This is an email that looked to be sent by Zach Newton to another internal employee, Josh Waters. The goal here is to begin some sort of engagement and change his direct deposit information. This email appears to be coming from a known sender, Zach Newton, but the sender address, of course, is not our internal domain. It's coming from this gmail.com.

Since it is coming from gmail.com, a reputable domain, it is going to pass all the sender authentication methods like SPF, DKIM, and DMARC. Also, this email does not have any links or attachments, making it very difficult to detect for traditional email security providers like those security mail gateways.

So how is Abnormal uniquely able to detect these types of attacks? Well, based on emails of this type that we've seen before, we understand that the language of this email is referencing direct deposit information and exhibits common patterns of payroll fraud.

Next, because of our deep identity insights with our integration with Azure Active Directory, we know that Zach Newton does not use this Gmail address to send company- and work-related emails. Finally, because of our advanced natural language processing models, we're able to detect, through this content analysis, that this is a financial request with some urgent sentiment, which is typically associated with business email compromise attacks of this type.

You can see that with deeper analysis here. We see this request, its financial nature, and the time sensitivity around it. Based on these signals, we are able to assess the email to be malicious and automatically remediate it so it's never accessible to the end user.

Want to know more? Request your personalized demo today.
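The signals described in the transcript (an internal employee's display name on an outside free-mail address, plus payroll language and urgency) can be approximated with a small header-and-keyword heuristic. This is an added example, not Abnormal's detection logic or code from the page; the directory, the `example-corp.test` domain, the Gmail address, the keyword lists and the sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for an identity directory (display name -> work address).
DIRECTORY = {"zach newton": "zach.newton@example-corp.test"}
INTERNAL_DOMAIN = "example-corp.test"
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
PAYROLL = re.compile(r"direct deposit|payroll|bank account|routing number", re.I)
URGENCY = re.compile(r"\b(urgent|asap|today|immediately|before (the )?next pay)", re.I)

def bec_signals(raw):
    """Return the list of BEC indicators found in one plain-text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    signals = []
    # Display name belongs to a known employee but the address is not theirs.
    known = DIRECTORY.get(" ".join(name.lower().split()))
    if known and addr.lower() != known and domain != INTERNAL_DOMAIN:
        signals.append("employee_name_external_address")
    if domain in FREE_MAIL:
        signals.append("free_mail_sender")
    if PAYROLL.search(body):
        signals.append("payroll_request")
    if URGENCY.search(body):
        signals.append("urgent_tone")
    return signals

def is_suspected_bec(raw):
    # Authentication-Results is deliberately ignored: a free-mail sender
    # passes SPF/DKIM/DMARC for its own domain, so "pass" proves nothing here.
    s = bec_signals(raw)
    return "employee_name_external_address" in s and "payroll_request" in s

# Constructed sample: impersonation from a free-mail address, no links or attachments.
SPOOFED = (
    "From: Zach Newton <znewton.personal@gmail.com>\n"
    "To: Josh Waters <josh.waters@example-corp.test>\n"
    "Subject: Direct deposit update\n"
    "Authentication-Results: mx.example-corp.test; spf=pass; dkim=pass; dmarc=pass\n"
    "\n"
    "Hi Josh, I need to change my direct deposit information. Can you update it today?\n"
)
# Constructed sample: the same employee writing from the real work address.
GENUINE = (
    "From: Zach Newton <zach.newton@example-corp.test>\n"
    "To: Josh Waters <josh.waters@example-corp.test>\n"
    "Subject: Lunch\n"
    "\n"
    "Are you free for lunch on Thursday?\n"
)
```

A keyword list like this is only a coarse stand-in for the content analysis the transcript describes; it shows why the decision has to rest on identity and content rather than on the authentication result.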

