Hijacking existing email threads is a common method of leveraging compromised vendor accounts. Attacks of this type are highly successful because of the implicit trust of the emails from the vendor.
Solutions
Detect Vendor Account Compromise
Detect Vendor Account Compromise
Solutions
Detect Vendor Account Compromise
Hijacking existing email threads is a common method of leveraging compromised vendor accounts. Attacks of this type are highly successful because of the implicit trust of the emails from the vendor.
Attack Breakdown
The framework that attackers use when launching email attacks starts with the Pretext. Attackers will impersonate a Brand, Internal Employee or a trusted External Partner/Vendor. In the case of a Vendor Account Compromise, the attackers will leverage a compromised vendor account to launch their attack. The delivery may contain a non-malicious attachment, but many successful attacks now only leverage simple requests in the email body.
How Abnormal Stops Vendor Account Compromise (BEC)
Abnormal Security uses a unique triangulation of Identity, Relationship and Content signals. Any single analysis may not lead to a high confidence decision, but Abnormal’s combination of these three pillars results in high precision and accurate identification of targeted email attacks.
01
Abnormal Identity Model
Abnormal builds external entity profiles with dozens of attributes. Of all the emails previously observed, emails originating from anomalous geolocations are flagged as suspicious.
02
Abnormal Relationship Graph
Profiling of prior communications shows a prior observed relationship between the sender and recipient. However, a change in the reply-to address is commonly associated with vendor account takeover and flagged as suspicious.
03
Abnormal Content Analysis
Computer vision techniques analyze the attachment. Prior references to the vendor in the invoice are checked, in addition to the bank name and routing information. Natural Language Processing algorithms analyze the email content for Topic and Sentiment.
01
Abnormal Identity Model
Abnormal builds external entity profiles with dozens of attributes. Of all the emails previously observed, emails originating from anomalous geolocations are flagged as suspicious.
02
Abnormal Relationship Graph
Profiling of prior communications shows a prior observed relationship between the sender and recipient. However, a change in the reply-to address is commonly associated with vendor account takeover and flagged as suspicious.
03
Abnormal Content Analysis
Computer vision techniques analyze the attachment. Prior references to the vendor in the invoice are checked, in addition to the bank name and routing information. Natural Language Processing algorithms analyze the email content for Topic and Sentiment.
Case Study
CSC Generation
Case Study
Debt Collector Impersonation / Invoice Fraud Attack
Case Study
Account Update / Invoice Fraud Attack
Abnormal is the email security company that stands for trust.
© 2020 Abnormal Security Corporation.
All rights reserved.