Business email compromise (BEC) and email account compromise (EAC)—a collective $26B problem—are issues that organizations of all sizes, in all industries, must address.
Our “Combatting BEC and EAC” blog series dives into how you can stop these threats at your organization. Each post focuses on one of seven key steps. In this post, we explore the fourth step: isolating Web access to prevent account compromise.
Email Account Compromise Is a Key Tactic for Email Fraud
Impersonation tactics like display name spoofing, domain spoofing and lookalike domains often come to mind when we think of BEC or email fraud. However, Proofpoint has observed attackers also employ email account compromise as a key tactic in email fraud attacks.
Compromised accounts are incredibly valuable to attackers. They let attackers conduct reconnaissance by identifying suppliers or partners and uncovering email threads about invoices. More importantly, the fraudulent emails sent from compromised accounts are virtually indistinguishable from legitimate email. They carry the same display name and email address; they are sent from the same mail server; and they pass all email authentication protocols: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC).
Because compromised accounts evade traditional impersonation controls, it’s critical that organizations implement a layered defense against email fraud.
Credential Phishing: A Common and Effective Means to Compromise Accounts
While attackers often try multiple ways to breach a user’s account, including brute-force attacks, key-logging software and third-party application auth tokens, phishing emails remain the most effective weapon in the cybercriminal’s arsenal for stealing a user’s credentials. Proofpoint threat research found that email-based attacks, like credential phish and malware, affect nearly twice as many customers and are nearly 2.5 times more effective at compromising accounts when compared to brute-force or credential variance attacks.
Operating from multiple countries, threat actors have become increasingly sophisticated in their attempts to lure users into clicking a malicious link and divulging confidential account credentials, often targeting specific “high value” individuals with customized attacks via both corporate and personal email. That’s why isolating web access, both URLs in corporate email and personal webmail, is a critical control for securing email accounts.
Balancing End User Experience with IT Security
With traditional URL and email filtering, relying on an “allow all” or “block all” type of filtering method just doesn’t work anymore. IT teams are constantly overburdened with one-off requests, while employees grow tired and frustrated with submitting IT requests to access websites or view their cloud-based accounts. Managing all this can be extremely difficult and must be done in a way that doesn’t frustrate your users, invade their privacy or impede their workflow.
Web Security without Compromise for Today’s Changing Workforce
Proofpoint’s Email and Browser Isolation grants employees the freedom to browse their personal email and the broader web while providing a more secure network for the organization.
While other vendors provide a one-size-fits-all approach to web isolation, Proofpoint’s Email and Browser Isolation solution instead lets you apply adaptive isolation controls to select users based on their risk profiles. This people-centric approach enables you to set custom isolation policies for targeted users, effectively lowering your risk. Our browser isolation capabilities protect your people from high-risk URLs that include unknown URLs, social networks and online cloud applications. We also provide you with real-time phishing detection and URL re-write for your Very Attacked People™, allowing you to deploy adaptive security controls and better manage risk for your organization.
Our web isolation capabilities let users safely access URLs in corporate email, websites and personal webmail by isolating browser sessions in a secure container. Users can interact with the website in a secure environment, but Proofpoint restricts uploads, downloads and data input while the website is being analyzed. (This usually takes no more than a few minutes.) The proprietary real-time anti-phishing scan runs as soon as the page is opened. If the page is identified as malicious, it automatically blocks any further interaction. This technology helps prevent credential theft and protects your users against malware and malicious content, especially for phishing emails that contain URLs that become unsafe after they’re delivered.
Proofpoint Isolation helps organizations dramatically reduce the size of their attack surface while providing a more secure network. And employees can surf the web for personal business or access their cloud-based email accounts without worrying about accidentally triggering a malicious link.
As attackers continue to use email account compromise (EAC) in BEC and email fraud attacks, isolating web access provides another layer of protection against credential theft and malware infection. To find out if your organization is adequately protected from BEC and EAC attacks, take our complimentary assessment here.