BEC: Employee Impersonation - Abnormal Security

Solutions

Stop Employee Impersonation

Payroll and invoice fraud is a common objective for employee impersonation attacks.

Solutions

Stop Employee Impersonation

Payroll and invoice fraud is a common objective for employee impersonation attacks.

Attack Breakdown

The framework that attackers use when launching email attacks starts with the Pretext. Attackers will impersonate a Brand, Internal Employee or a trusted External Partner/Vendor. In the case of an Employee Impersonation, the attackers will impersonate the sender using a variety of methods. The delivery may contain an attachment or a link, but most successful attacks will bypass detection methods by only leveraging simple requests in the email body.

The Abnormal Advantage

See how Abnormal stops Employee Impersonation.

How Abnormal Stops Employee Impersonation Attacks (BEC)

Abnormal Security uses a unique triangulation of Identity, Relationship and Content signals. Any single analysis may not lead to a high confidence decision, but Abnormal’s combination of these three pillars results in high precision and accurate identification of targeted email attacks.

01

Abnormal Identity Model

Abnormal’s Identity Model captures dozens of attributes related to each employee. Personal email usage is observed and linked to the primary identity of the employee. Personal email addresses that are not associated with the primary employees are flagged as suspicious.

02

Abnormal Relationship Graph

Profiling of prior communications shows no prior observed relationship between sender and recipient.

03

Abnormal Content Analysis

Natural Language Processing algorithms analyze the email content for Topic and Sentiment. Email body contains language attempting to change bank account information.

01

Abnormal Identity Model

Abnormal’s Identity Model captures dozens of attributes related to each employee. Personal email usage is observed and linked to the primary identity of the employee. Personal email addresses that are not associated with the primary employees are flagged as suspicious.

02

Abnormal Relationship Graph

Profiling of prior communications shows no prior observed relationship between sender and recipient.

03

Abnormal Content Analysis

Natural Language Processing algorithms analyze the email content for Topic and Sentiment. Email body contains language attempting to change bank account information.