Insider threats are not always malicious employees looking to steal company data and information. In fact, most instances of data exfiltration at the hands of insiders are the result of simple mistakes, such as responding to a pretexting, or phishing, email. These unintentional insider threat incidents are some of the most frequent (and costly) ones that organizations face, according to a 2018 survey conducted by the Ponemon Institute.
What is pretexting?
A pretexting email is a form of social engineering in which someone lies or uses identity deception to obtain privileged data. The criminal pretends to be someone else—typically a boss, coworker, business partner or trusted brand. Business email compromise (BEC) and email account compromise (EAC) are two examples of attacks that use some form of pretexting.
Aside from the fact that these emails appear to be from someone the recipient trusts, pretexting works because it often carries a sense of urgency or comes in the form of a normal business request.
Here's how pretexting might work in a BEC attack:
- Posing as a department head, the attacker sends an email asking the finance department to transfer money right away to a vendor, helpfully providing bank account details.
- The finance employee, thinking the sender is a colleague, begins the transfer without verifying the details. For the finance department, there's nothing unusual about such a request, and the sender appears to be someone authorized to make it.
- The money is wired to the account in the attacker's email—perhaps to a bank account in Switzerland or the Cayman Islands, never to be seen again. The company may not be aware anything is amiss for weeks, or even months.
How to stop pretexting and phishing
What can be done to limit the risk of a pretexting scam or insider threat incident, and react quickly if one occurs?
Secure email
Pretexting and phishing are complex and ever changing. Identity deception and spoofing—the most common pretexting tactics—result in compromised data and cost companies millions in fraudulent transactions. Seek out a layered approach that addresses the multitude of tactics bad actors use to impersonate trusted users and brands.
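As an added example of what one layer of such a check can look like (this is illustrative code written for this page, not Proofpoint's product logic), the script below scores a raw email for the identity-deception patterns described above: a known executive's display name on a mailbox that is not theirs, a Reply-To that routes answers to a different domain, a sender domain one typo away from the company's own, and urgent payment language in the body. The internal domain `example.com`, the executive "Dana Reyes" and both sample messages are constructed for the example.

```python
"""Header- and content-level checks for pretexting / BEC-style emails.

Added example, not Proofpoint code. Demonstrates the kind of layered checks
a secure-email gateway applies to catch identity deception and spoofing.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample configuration (assumed for the example, not from the article).
INTERNAL_DOMAINS = {"example.com"}
EXECUTIVES = {"dana reyes": "dana.reyes@example.com"}  # hypothetical CFO
URGENCY_TERMS = ("right away", "urgent", "immediately", "wire", "transfer")


def _domain(addr: str) -> str:
    """Return the lower-cased domain part of an address, or '' if none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one edit apart usually means a lookalike domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True if domain is within one edit of an internal domain but is not one."""
    if domain in INTERNAL_DOMAINS:
        return False
    return any(_edit_distance(domain, d) <= 1 for d in INTERNAL_DOMAINS)


def assess_message(raw: str) -> dict:
    """Return the findings for a raw RFC 5322 message plus a simple risk score."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []

    # 1. A known executive's display name on a mailbox that is not theirs.
    expected = EXECUTIVES.get(display.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("display-name impersonation of %s" % display)

    # 2. Replies silently redirected to another domain.
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append("reply-to domain mismatch")

    # 3. Sender domain is a near-miss of an internal domain.
    if is_lookalike(from_dom):
        findings.append("lookalike sender domain %s" % from_dom)

    # 4. Body carries the urgency / payment language typical of BEC pretexts.
    body = msg.get_payload() if not msg.is_multipart() else ""
    hits = [t for t in URGENCY_TERMS if t in body.lower()]
    if len(hits) >= 2:
        findings.append("urgent payment language: " + ", ".join(hits))

    return {"score": len(findings), "findings": findings}


# Constructed sample messages (not real traffic).
SUSPICIOUS = """\
From: Dana Reyes <dana.reyes@examp1e.com>
Reply-To: dana.reyes.cfo@webmail.invalid
To: ap@example.com
Subject: Vendor payment

Please wire $48,200 to the new vendor account right away. Details attached.
"""

LEGITIMATE = """\
From: Dana Reyes <dana.reyes@example.com>
To: ap@example.com
Subject: Q3 budget review

Can we meet Thursday to go over the Q3 numbers?
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(label, assess_message(raw))
```

Each check on its own is weak (executives do use personal mailboxes, and vendors do ask for urgent payments), which is why a gateway combines several signals and why the score here is simply the number of findings; in practice the finance-team step that matters most is still the out-of-band callback to a number already on file before any wire goes out.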
Train users to be on the lookout for pretexting and phishing scams
Awareness training is key to helping employees avoid falling for pretexting scam emails and becoming another insider threat incident waiting to happen. Deliver targeted education driven by threat intelligence to the right users. The best programs feature content that is fully customizable and built using learning science principles. This ensures that your users are engaged during the training and better retain these critical skills.
Establish a policy to manage and respond to threats
What happens when you catch a pretexter? Develop a policy with the HR and legal teams at your organization on how to handle the situation if you find out an employee has fallen for a pretexting scam. This policy should include: how to log incidents or activity trends, consequences for breaking policy, how to collect valid evidence, and which authorities the employee should notify, if applicable.
Deploy an insider threat management solution
The best cybersecurity policies need the right tools to help get the job done (and done well). Insider threat management solutions like Proofpoint Insider Threat Management empower teams to uncover risky user activities in real time, rapidly investigate incidents when they occur, and prevent data loss. The best part: it won't require days, weeks, months, or years to fully configure, and metadata tagging isn't required.
Learn more about how we can help your organization manage insider threat risks, including defense against pretexting and phishing scams.