Identity deception could be impacting your business
Identity deception is used by threat actors to attack your business in two main ways; spoofing an identity (BEC) or stealing a valid identity (EAC). It is critical to address both elements to minimize the risk of losses associated with these threats.
Business Email Compromise
Business Email Compromise (BEC) attacks ask the victim to send money or personal information out of the organization. Attackers do this by spoofing a person in authority, such as a CEO or VP of Finance. In order to stop BEC attacks, organizations should consider implementing controls that:
- Blocks attacks that use spoofed and lookalike domains
- Analyzes all email content and headers using machine learning
- Enables creation of global email authentication policy
- Removes suspicious and unwanted email from end user inboxes
- Shows authentication status across supply chain and business partners
- Offers end user education to help identify Business Email Compromise (BEC) attacks
- Blocks attacks that use spoofed and lookalike domains
Email Account Compromise
Email account compromise can occur if a threat actor successfully tricks a victim into providing their credentials or accesses an account through other means. If an account is compromised, it can be used to move lateraly inside an organization, steal data, or fraudulently communicate with your business partners or customers. In order to protect against email account compromise, you need a solution that:
- Highlights brute-force attacks and suspicious user behavior across cloud applications
- Identifies very attacked people
- Forces password resets on accounts that are compromised
- Enables read-only access to unknown websites to prevent credential theft
- Assess end user vulnerability to credential theft attacks
BEC
Business Email Compromise
At Proofpoint, we offer a layered approach to protecting against Business Email Compromise (BEC) by addressing the many tactics that are used by threat actors. Tackling the problem in this way prevents threats using display name spoofing, domain spoofing and lookalike domains. This also prevent BEC threats impacting your partners and customers with DMARC email authentication; this prevents potential financial impact as well as brand damage. We provide education and visibility so you understand how your organization is being attacked and the potential vulnerabilitity of an individual or group to fall for an attack. And we improve the ability of your people to identify these threats.
EAC
Email Account Compromise
Preventing email account compromise spans different threat vectors, given the propensity of credential reuse across different accounts that an end user might have; this can also span personal and corporate accounts. We give you visibility and control across cloud applications, email and personal webmail. This helps you prevent the loss of credentials and identify suspicious behavior accessing these accounts. It is critical to be able to identify attempted email account compromise and the symptoms of accounts that are already compromised. In this way, your organization can limit exposure to both infection and data loss.
How to Effectively Block BEC and EAC Attacks
Gateway
- Block attacks that use spoofed domains
- Tag external email to inform recipients of the origin of the email
- Analyze message headers to identify anomalies
- Analyze all email content with machine learning
- Identify and block display name spoofing
- Enforce email authentication policy
Authentication
- Create a global email authentication policy (DMARC) and enforce it on an internet-wide basis
- Block all attempts to send unauthorized emails from your trusted domains
- Report on look-alike domain registrations
Cloud Applications
- Identify suspicious cloud account activity
- Detect brute-force attacks
- Build policies to prioritize alerts
Web Access
- Isolate access to unknown websites
- Provide read-only access until security analysis is complete
- Control content entering your organization through personal webmail accounts
Visibility
- Identify the VAPs in your organization
- View the authentication status of your supply chain
- Provide user-centric visibility into account attacks
Automated Remediation
- Identify and remove suspicious emails that have entered the organization
- Remove unwanted email from internal accounts that are compromised
- Force password resets and disable accounts that are compromised
- Use an account authentication solution to reauthenticate sessions
- Investigate account compromise incidents
Education
- Assess user vulnerability to BEC and EAC threats
- Train users on how to identify threats and credential theft
- Automate abuse mailbox process
Demo
Protection against business email compromise
Proofpoint email analysis accurately identifies and blocks business email compromise using machine learning techniques and email authentication.
Watch the Demo