BEC: Executive Impersonation - Abnormal Security

Solutions

Stop Executive Impersonation

Business Email Compromise (BEC) attacks frequently impersonate a high-level executive in an attempt to coerce an employee to transfer funds or confidential information. These attacks prey heavily on social engineering and rarely contain malicious attachments or links, resulting in frequent delivery into employee inboxes.

Stop Executive Impersonation​

Solutions

Stop Executive Impersonation

Stop Executive Impersonation​

Business Email Compromise (BEC) attacks frequently impersonate a high-level executive in an attempt to coerce an employee to transfer funds or confidential information. These attacks prey heavily on social engineering and rarely contain malicious attachments or links, resulting in frequent delivery into employee inboxes.

Attack Breakdown

The framework that attackers use when launching email attacks starts with the Pretext. Attackers will impersonate a Brand, Internal Employee or a trusted External Partner/Vendor. In the case of an Executive Impersonation, the attackers will impersonate the sender using a variety of methods. The delivery may contain an attachment or a link, but many successful attacks will bypass detection methods by only leveraging simple requests in the email body.

The Abnormal Advantage

See how Abnormal stops Executive Impersonation.

How Abnormal Detects EAC

Abnormal Security uses a unique triangulation of Identity, Relationship and Content signals. Any single analysis may not lead to a high confidence decision, but Abnormal’s combination of these three pillars results in high precision and accurate identification of targeted email attacks.

01

Abnormal Identity Model

Abnormal’s Identity Model captures dozens of attributes related to each employee. Personal email usage is observed and linked to the primary identity of the employee. Personal email addresses that are not associated with the primary employees are flagged as suspicious.

02

Abnormal Relationship Graph

Profiling of prior communications shows no prior observed relationship between sender and recipient.

03

Abnormal Content Analysis

Natural Language Processing algorithms analyze the email content for Topic and Sentiment. Urgent sentiment for financial requests are suspicious traits of Executive Impersonation Attacks.

01

Abnormal Identity Model

Abnormal’s Identity Model captures dozens of attributes related to each employee. Personal email usage is observed and linked to the primary identity of the employee. Personal email addresses that are not associated with the primary employees are flagged as suspicious.

02

Abnormal Relationship Graph

Profiling of prior communications shows no prior observed relationship between sender and recipient.

03

Abnormal Content Analysis

Natural Language Processing algorithms analyze the email content for Topic and Sentiment. Urgent sentiment for financial requests are suspicious traits of Executive Impersonation Attacks.