Why the Email Gateway is Not Enough to Stop BEC Attacks

February 13, 2017
Mark Guntrip

Business email compromise (BEC) attacks are rampant. It’s incredibly easy and lucrative for attackers to spoof trusted brands. These threats look just like normal business email and cannot be detected using sandbox technologies. What’s more, BEC actors are constantly shifting and evolving their tactics, moving from wire transfers, to tax and employee information, to intellectual property, and so on. Proofpoint has seen a shift away from CEO and CFO email spoofing and towards victims lower in the organization, making it even harder to detect these fraudulent messages.

For organizations looking to protect against BEC there are five core capabilities that need to be deployed to cover the rapid shift in BEC threat tactics:

  • Policy
  • Authentication
  • Dynamic classification
  • Data loss prevention (DLP)
  • Visibility

Many solutions try to solve this challenge with only static rules and policies. While this approach is certainly a start, it is simply not enough to protect your organization from these advanced threats. Trying to keep up with BEC attackers is unrealistic and would create too much demand on your resources.

Authentication

Sixty-six percent of all BEC attacks in the second half of 2016 spoofed the domain of the victim’s organization. Domain-based message authentication, reporting and conformance (DMARC) eliminates these attacks. By identifying and authenticating legitimate corporate and third-party senders who are authorized to send from their domains, companies can instruct secure email gateways and consumer mailbox providers on what to do with emails that fail to authenticate (report, quarantine, or reject).

Dynamic Classification

Blocking BEC threats at the email gateway, such as display name spoofing and lookalike spoofing, with dynamic, machine-learning technology helps your organization move beyond this first layer of protection. Automatically classify the threat-level of an email based on the analysis of critical information:

  • Email content (email subject, body shingles, etc.)
  • Sender reputation (sender/reply-to address, domain, etc.)
  • Email address manipulation

Data Loss Prevention

Preventing sensitive information from leaving, should a threat reach your organization, is a proactive approach you can take to solve the BEC challenge. As socially-engineered attacks, BEC attackers rely on the fact that human beings will make mistakes, even with the most critical data. In fact, thirty percent of recipients are opening phishing messages today. Ensure that you protect your important information from leaving your organization.

Visibility

Because these socially engineered attacks are so highly targeted and typically don’t include a payload for the email gateway to analyze, visibility is a critical component of solving the BEC challenge. By understanding what is happening across your threat vectors, you can block all forms of BEC attacks – protecting against wire transfer fraud, IP theft, W-2 scams, and more. Plus, full visibility across your email ecosystem to see who is sending email on your behalf, forensic details around BEC campaigns and  fraudulent domains that are being registered that may impact your organization, partners and customers.

Learn More

Stop BEC attacks before they reach your employees, business partners and customers. While these threats are ubiquitous, Proofpoint provides peace of mind with a comprehensive, multi-layered approach that moves beyond static rules. Respond quickly and accurately with dynamic classification, authentication, visibility and data loss prevention.

For more information on how Proofpoint offers comprehensive protection against BEC attacks visit www.proofpoint.com/bec. Click here for more information Proofpoint and this week’s RSA Conference 2017.