Email Security Blog

How to Stop Phishing Message Voicemail Attacks

Jacob Rideout September 25, 2019 Email Security

At Agari we often talk about the evolving nature of advanced email attacks and the identity deception tactics that go with them. These attacks bypass legacy controls and like a magician delighting a curious audience, they trick the human psyche by targeting core human emotions such as fear, anxiety and curiosity. Of course, the magic in this case comes with ill intent.

A good example of a sophisticated attack and one that we address in the Agari Fall’19 release is the use of email with voice message attachments to execute phishing schemes. Here’s how they work.

A plain text email sent by a cybercriminal sails right through the secure email gateway (SEG) and lands in an employee inbox. It might contain what looks like a partial transcript and for Office365 environments might come with an EML file attachment. These attachments can contain hyperlinks and attachments and are blocked less frequently by the SEG.

With a click of the attachment, Outlook displays a preview. Since it’s not a full window, users often click on a link to explore deeper.

With curiosity spiked by the transcript and preview, the user is then directed to a page that looks like a Microsoft account login page, and is prompted to authenticate with their user id and password to hear the message. Often, the initial login is designed to fail on the first try. The user, now chasing escalating curiosity then re-enters their credentials and typically gains access to an innocuous message that seems all but irrelevant.

The message of course is designed to be useless, but to raise little suspicions about the fake login that just happened. With the successful ruse tucked away in their consciousness, workers then move on all the while unaware they’ve just given log in credentials to a cybercriminal. Their email account has been compromised along with any files or business systems that use the same credentials. The threat actor is then free to monitor communications, peruse systems and files authorized to the legitimate user and to execute targeted email account-takeover based attacks.

Is this a security breach or a human fail? Well, cyber insurance companies might care, but the impact on the target organization is largely the same.

Organizations convinced of the latter often look to cybersecurity training, which can work maybe 98% of the time in a best-case scenario. This is a bit like training an audience to spot a magician’s trick. Show them the tactic, and they can readily spot it a second time. Show them something new and novel, and the human detection rate falls dramatically.

The problem of course is that like magicians, cybercriminals always come up with new tricks. But in cybercrime, the delight and laughter comes from the threat actor at the victim’s expense.

The Agari Fall ’19 release trains machine learning on this problem. Using our highly innovative identify graph to detect convergence or divergence to known emails and sending behavior, Agari detects these ever-evolving attacks in a way humans and legacy systems cannot because it’s looking for good behavior, not bad signatures.

Like other attacks that target human emotions, the ruse obscures the scam, but the scam gets detected by email forensics. This is why enterprises need a dynamic approach that models identity and behaviors versus a static approach that looks for attacks matching previously detected patterns.

By dynamically modeling messages as they arrive globally on a scale of around 2T messages annually, new messages are evaluated in context of an entire global distribution of human-labelled messages. This enables attacks to be detected and stopped in real time and takes employees out of the direct line of fire of advanced email attacks.

Learn more about this and other new features available in the Fall ‘19 release.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

May 12, 2020 Chuck Holland

Hosted DMARC: Accelerating Protection Against Email-based Brand Jacking Scams

The coronavirus pandemic is shining a spotlight on the importance of hosted Domain-based Message Authentication,…

Agari Blog Image

March 17, 2020 Armen Najarian

Phishing & Business Email Compromise (BEC): How Law Firms Can Protect Against Email Scams

The legal sector is learning some painful lessons about the growing threat phishing and business…

Agari Blog Image

December 17, 2019 Armen Najarian

Email Security Predictions 2020

Spoiler alert: When it comes to email security and the fight against business email compromise…

Agari Blog Image

November 19, 2019 Suela Vahdat

BEC Attacks on the Rise in Europe: 2019 Email Threat Survey

Business email compromise (BEC) scams, phishing campaigns, and other targeted email attacks happen all over…

Agari Blog Image

November 4, 2019 Doug Jones

Microsoft Office 365 + Secure Email Cloud: All You Need in a Cloud-First World

You’ve heard the statistics… more than 70% of all business users will be provisioned with…

mobile image