Payroll fraud is common objective for employee impersonation attacks.

Attack Breakdown

The framework that attackers use when launching email attacks starts with the Pretext. Attackers will impersonate a Brand, Internal Employee or a trusted External Partner/Vendor. In the case of an Employee Impersonation, the attackers will impersonate the sender using a variety of methods. The delivery may contain an attachment or a link, but most successful attacks will by pass detection methods by only leveraging simple requests in the email body.

How Abnormal Stops Employee Impersonation Attacks (BEC)

Abnormal Behavior Technology (ABX) is Abnormal Security’s unique triangulation of Identity, Relationship and Content. Any single analysis may not lead to a high confidence decision, but ABX’s combination of the three pillars results in high precision and accurate identification of targeted email attacks.

  1. 01

    Abnormal Identity Model

    Abnormal’s Identity Model captures dozens of attributes related to each employee. Personal email usage is observed and linked to the primary identity of the employee. Personal email addresses that are not associated with the primary employees are flagged as suspicious.

  2. 02

    Abnormal Relationship Graph

    Profiling of prior communications shows no prior observed relationship between sender and recipient.

  3. 03

    Abnormal Content Analysis

    Natural Language Processing algorithms analyze the email content for Topic and Sentiment. Email body contains language attempting to change bank account information.