BEC: Vendor Account Compromise - Abnormal Security

Detect Vendor Account Compromise

Hijacking existing email threads is a common way for attackers to exploit compromised vendor accounts. Attacks of this type are highly successful because recipients implicitly trust emails from the vendor.

Attack Breakdown

The framework that attackers use when launching email attacks starts with the Pretext. Attackers will impersonate a Brand, Internal Employee or a trusted External Partner/Vendor. In the case of a Vendor Account Compromise, the attackers will leverage a compromised vendor account to launch their attack. The delivery may contain a non-malicious attachment, but many successful attacks now only leverage simple requests in the email body.

The Abnormal Advantage

How Abnormal Stops Vendor Account Compromise (BEC)

Abnormal Security uses a unique triangulation of Identity, Relationship and Content signals. Any single analysis may not lead to a high confidence decision, but Abnormal’s combination of these three pillars results in high precision and accurate identification of targeted email attacks.

01. Abnormal Identity Model

Abnormal builds external entity profiles with dozens of attributes. Emails that originate from geolocations that are anomalous relative to all the emails previously observed are flagged as suspicious.

02. Abnormal Relationship Graph

Profiling of prior communications shows a previously observed relationship between the sender and recipient. However, a change in the reply-to address is commonly associated with vendor account takeover and is flagged as suspicious.

03. Abnormal Content Analysis

Computer vision techniques analyze the attachment. Prior references to the vendor in the invoice are checked, in addition to the bank name and routing information. Natural Language Processing algorithms analyze the email content for Topic and Sentiment.
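
The reply-to signal described under the Relationship Graph can be illustrated with a small baseline check. This is an added example, not Abnormal's implementation: the class, function names, verdict strings and all .example addresses are constructed for illustration, and it assumes a per-pair history keyed on the From and To addresses.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

def domain(addr):
    return addr.rpartition("@")[2].lower()

class ReplyToBaseline:
    """Tracks which reply domains each (sender, recipient) pair has used."""
    def __init__(self):
        self.seen = defaultdict(set)

    @staticmethod
    def fields(raw):
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        rcpt = parseaddr(msg.get("To", ""))[1].lower()
        # With no Reply-To header, replies go to the From address.
        reply = parseaddr(msg.get("Reply-To", ""))[1].lower() or sender
        return sender, rcpt, reply

    def learn(self, raw):
        sender, rcpt, reply = self.fields(raw)
        self.seen[(sender, rcpt)].add(domain(reply))

    def check(self, raw):
        sender, rcpt, reply = self.fields(raw)
        known = self.seen.get((sender, rcpt))
        if not known:
            return "no_prior_relationship"
        return "consistent" if domain(reply) in known else "reply_to_changed"

def mail(frm, to, reply_to=None):
    # Constructed sample message; all addresses are made-up .example names.
    hdrs = [f"From: {frm}", f"To: {to}", "Subject: Re: Invoice 1001"]
    if reply_to:
        hdrs.append(f"Reply-To: {reply_to}")
    return "\n".join(hdrs) + "\n\nPlease see the thread below.\n"

def demo():
    base = ReplyToBaseline()
    vendor, ap = "Billing <billing@vendor.example>", "ap@customer.example"
    base.learn(mail(vendor, ap))                            # history: no Reply-To
    base.learn(mail(vendor, ap, "billing@vendor.example"))  # history: same domain
    return [
        base.check(mail(vendor, ap)),
        base.check(mail(vendor, ap, "billing@vendor-payments.example")),
        base.check(mail("new@other.example", ap)),
    ]
```

On its own a changed reply-to is a weak signal, which is why the page combines it with identity and content analysis before reaching a decision.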

Case Studies

CSC Generation

Debt Collector Impersonation / Invoice Fraud Attack

Account Update / Invoice Fraud Attack