Business Email Compromise (BEC) attacks frequently impersonate a high-level executive in an attempt to coerce an employee into transferring funds or disclosing confidential information. These attacks rely heavily on social engineering and rarely contain malicious attachments or links, so they are frequently delivered to employee inboxes.

Attack Breakdown

The framework that attackers use when launching email attacks starts with the Pretext. Attackers will impersonate a Brand, an Internal Employee or a trusted External Partner/Vendor. In the case of an Executive Impersonation, the attackers will impersonate the sender using a variety of methods. The delivery may contain an attachment or a link, but many successful attacks bypass detection methods by using only simple requests in the email body.

How Abnormal Stops Executive Impersonation Attacks (BEC)

Abnormal Behavior Technology (ABX) is Abnormal Security’s unique triangulation of Identity, Relationship and Content. Any single analysis may not lead to a high confidence decision, but ABX’s combination of the three pillars results in high precision and accurate identification of targeted email attacks.

  1. Abnormal Identity Model

    Abnormal’s Identity Model captures dozens of attributes related to each employee. Personal email usage is observed and linked to the primary identity of the employee. Personal email addresses that are not associated with the employee's primary identity are flagged as suspicious.

  2. Abnormal Relationship Graph

    Profiling of prior communications shows no prior observed relationship between sender and recipient.

  3. Abnormal Content Analysis

    Natural Language Processing algorithms analyze the email content for Topic and Sentiment. Urgent sentiment in a financial request is a suspicious trait of Executive Impersonation attacks.
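
The combination of the three pillars described above, as a simplified added example; it is not Abnormal Security's implementation or code from this page. The executive directory, prior-communication set, keyword lists and verdict thresholds are constructed assumptions, and keyword matching stands in for the NLP topic and sentiment analysis.

```python
import re
from email.utils import parseaddr

# Constructed sample data (assumptions, not taken from the page).
# Identity: executive display name -> addresses linked to that identity.
EXECUTIVES = {"dana whitfield": {"dana.whitfield@example.com",
                                 "dwhitfield.home@example.net"}}
# Relationship: (sender, recipient) pairs seen in prior mail.
PRIOR_PAIRS = {("dana.whitfield@example.com", "ap@example.com")}
# Content: keyword stand-ins for urgency sentiment and financial topic.
URGENT = re.compile(r"\b(urgent|asap|immediately|right away|today)\b", re.I)
FINANCIAL = re.compile(r"\b(wire|transfer|payment|invoice|gift cards?)\b", re.I)

def score_message(from_header, recipient, body):
    """Return the list of pillars that consider the message suspicious."""
    name, addr = parseaddr(from_header)
    name, addr = name.strip().lower(), addr.lower()
    signals = []
    linked = EXECUTIVES.get(name)
    # Identity: display name is an executive, address is not linked to them.
    if linked is not None and addr not in linked:
        signals.append("identity")
    # Relationship: this sender has never written to this recipient.
    if (addr, recipient.lower()) not in PRIOR_PAIRS:
        signals.append("relationship")
    # Content: urgency combined with a financial request.
    if URGENT.search(body) and FINANCIAL.search(body):
        signals.append("content")
    return signals

def verdict(signals):
    """A single pillar is not decisive; only the combination flags."""
    return {3: "flag", 2: "review"}.get(len(signals), "deliver")

# Constructed sample messages: (From header, recipient, body).
SAMPLES = [
    ("Dana Whitfield <dana.w.ceo@mail.example.org>", "ap@example.com",
     "I need an urgent wire transfer processed today. Are you at your desk?"),
    ("Dana Whitfield <dana.whitfield@example.com>", "ap@example.com",
     "Please process the invoice payment today."),
    ("Lee Park <lee@vendor.example>", "ap@example.com",
     "Attached is our brochure."),
]

if __name__ == "__main__":
    for sender, rcpt, body in SAMPLES:
        hits = score_message(sender, rcpt, body)
        print(f"{verdict(hits):8} {hits} <- {sender}")
```

The second sample shows why one pillar alone is not enough: a genuine executive sending an urgent payment request triggers only the content signal and is delivered.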