Abnormal can detect and stop malicious payroll diversion or other financial scams that appear to come from legitimate senders.
This example shows an attack type that many organizations, like yours, frequently face.
An attacker, pretending to be an employee, tries to engage the recipient with a request to modify that employee's payroll information.
This attack's simplicity makes it difficult for secure email gateways to detect. The attack vector is a text-based email with no links or attachments, and since this message is coming from a valid domain, in this case, Gmail, it will pass all traditional authentication methods, like SPF, DKIM, and DMARC.
So how was Abnormal able to detect this type of attack?
Abnormal creates a behavior profile of every identity that interacts with your organization, and here we can see how it flagged the unusual sender trying to engage with the organization.
Our natural language processing models identified that this message involved a direct deposit request, and the solution knows that this type of request is typically associated with payroll fraud.
Using these and other signals, the solution concluded that this message was malicious and automatically remediated it, eliminating the possibility of engagement by the recipient.
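The following added example (not Abnormal's implementation, and not code from this page) shows why passing SPF, DKIM, and DMARC cannot clear such a message, and how an identity mismatch combined with payroll intent can still flag it. The employee directory, sample message, and verdict names are constructed assumptions, and a keyword pattern stands in for the natural language processing models.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: display name -> sender addresses previously seen for that identity.
KNOWN_SENDERS = {"jordan lee": {"jordan.lee@example.com"}}
# Assumption: a keyword pattern standing in for an NLP intent model.
PAYROLL_INTENT = re.compile(r"direct deposit|payroll|bank (account|details)|routing number", re.I)
URL = re.compile(r"https?://", re.I)

# Constructed sample: text-only mail from a freemail account that passes authentication.
SAMPLE = """\
From: Jordan Lee <jordan.lee.personal@gmail.com>
To: payroll@example.com
Subject: Quick request
Authentication-Results: mx.example.com; spf=pass; dkim=pass header.d=gmail.com; dmarc=pass
Content-Type: text/plain

Hi, I changed banks and need to update my direct deposit before the next pay run.
"""

def signals(raw):
    """Extract the independent signals the text describes from one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    body = msg.get_payload() if not msg.is_multipart() else ""
    auth = msg.get("Authentication-Results", "").lower()
    known = KNOWN_SENDERS.get(name.strip().lower())
    return {
        "auth_pass": all(f"{m}=pass" in auth for m in ("spf", "dkim", "dmarc")),
        "name_matches_employee": known is not None,
        "address_unseen_for_identity": known is not None and addr.lower() not in known,
        "payroll_intent": bool(PAYROLL_INTENT.search(msg.get("Subject", "") + " " + body)),
        "no_links_or_attachments": not msg.is_multipart() and not URL.search(body),
    }

def verdict(raw):
    s = signals(raw)
    # auth_pass and no_links_or_attachments are context only: a freemail sender
    # passes authentication for its own domain, so neither clears the message.
    if s["address_unseen_for_identity"] and s["payroll_intent"]:
        return "quarantine"   # employee name, unfamiliar address, payroll request
    if s["payroll_intent"] and not s["name_matches_employee"]:
        return "review"       # payroll request from an identity with no profile
    return "deliver"

if __name__ == "__main__":
    print(signals(SAMPLE), verdict(SAMPLE))
```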