Detect Email

Compromised internal accounts allow the attackers to learn about the deals and payments that are about to transpire, and the language that the victim tends to use. Attacks from compromised accounts aren’t scanned or monitored by traditional email security, resulting in very high success rates.

Attack Breakdown

The framework that attackers use when launching email attacks starts with the Pretext. Attackers will impersonate a Brand, Internal Employee or a trusted External Partner/Vendor. In the case of an Email Account Compromise, the attackers will leverage a compromised internal account to launch their attack. The delivery may contain an attachment or a link, but most successful attacks now only leverage simple requests in the email body.

How Abnormal Detects EAC

Abnormal Behavior Technology (ABX) is Abnormal Security’s unique triangulation of Identity, Relationship and Content. Any single analysis may not lead to a high confidence decision, but ABX’s combination of the three pillars results in high precision and accurate identification of targeted email attacks.

  1. Abnormal Identity Model

    Abnormal’s Identity Model captures dozens of attributes related to each employee. Suspicious logins from geolocations where the user has never been, and the configuration of a new filter rule to hide fraudulent emails from the Sent folder, are flagged.

  2. Abnormal Relationship Graph

    Profiling of prior communications shows a previously observed relationship between the sender and recipient. Attackers frequently use established relationships for attacks using compromised accounts.

  3. Abnormal Content Analysis

    Computer vision techniques analyze the attachment. Prior references to the vendor in the invoice are checked, in addition to the bank name and routing information. Natural Language Processing algorithms analyze the email content for Topic and Sentiment.