“Whaling” phishing fraud attacks target the C-suite of a company which creates high risk of extremely sensitive, mission-critical data being stolen and exposed. Fortunately, protecting the organization from these attacks is possible.
Whaling phishing is a type of phishing attack targeting larger, high-value targets, which is why it's called "Whaling." Attackers themselves often pretend to be C-suite executives in emails to colleagues asking for personal or company information.
TLS, or cybersecurity protocol Transport Layer Security first developed by the Internet Engineering Task Force (IETF), was
As important as Domain-based Message Authentication, Reporting & Conformance (DMARC) is to the fight against Business Email Compromise (BEC) and other advanced email threats, it's really just the first piece of the email security puzzle. And it certainly won't cut it alone.
Over the last four years, the information security community has learned a lot about business email compromise (BEC) and the inner workings of Nigerian cybercrime rings who have made it their mainstay.
Time is running out to join industry thought leaders as a featured speaker at Trust 2020, The Next Generation Email Security Conference, on April 15-17 in Los Angeles. The deadline to submit topics for consideration is October 31, 2019.
Trust 2020 is an exclusive, two-day customer event where senior security leaders from a wide range of industries converge to share thought-provoking ideas and actionable insights on defending against rapidly evolving email-based threats to their organizations.
Imagine going to the doctor and only being able to say “pain” or “sick”. You can’t say where you feel the pain, or what type of pain, or what is making you sick. Without this information, it is nearly impossible for the doctor to know how to treat you. From a cybersecurity perspective, this is very much like calling every email attack a “phishing attack" or even a “hack”. It limits the ability to identify proper countermeasures, and it frustrates meaningful comparison between potential approaches.
When we first flipped on the lights in 2009, we knew we were embarking on an endeavor that wouldn’t be achieved overnight. We wanted to be deliberate, to build a rock-solid foundation—not a quick fix—that would support an email security ecosystem. We anticipated the hefty innovation and investment needed. But we also knew that investment would ultimately yield a durable solution that would change forever the security of the Internet. DMARC is the perfect example. It took three years for us to develop and roll out. Today, it’s the bedrock of email authentication, universally.
If you want to know why business email compromise (BEC) and other advanced email attacks keep working so well, just ask Dilbert.
In one particularly biting installment of Scott Adams' popular workplace comic strip, our tech geek hero sits in his cubicle perusing an email that reads, "Enter your bank account number." Dilbert's thought bubble reads "Scam."
At Agari we often talk about the evolving nature of advanced email attacks and the identity deception tactics that go with them. These attacks bypass legacy controls and like a magician delighting a curious audience, they trick the human psyche by targeting core human emotions such as fear, anxiety and curiosity. Of course, the magic in this case comes with ill intent.
A good example of a sophisticated attack and one that we address in the Agari Fall’19 release is the use of email with voice message attachments to execute phishing schemes.
The 250% increase in business email compromise (BEC) scams over the past year should concern every organization, as should estimates of $26 billion in losses over the last five years from these attacks.