BEC attacks up by 45%, use spoofed email domains to trick victims: Proofpoint

Proofpoint, a leading security and compliance company, has released a new report describing a 45% increase in business email compromise (BEC) attacks during the last months of 2016. More than 45,000 companies reported at least one incident of a BEC attack. Attackers are using increasingly sophisticated methods against a wider range of companies.

From July to December 2016, the manufacturing, retail and technology industries were prone to more attacks, as attackers took advantage of more of the targeted companies' supply chains and SaaS infrastructure. Companies of all sizes were prone to these attacks.

“Seventy-five percent of our customers were hit with at least one attempted BEC attack in the last three months of 2016—and it only takes one to cause significant damage,” said Ryan Kalember, senior vice president of Cybersecurity Strategy for Proofpoint.

The attackers also made their attacks more sophisticated by creating an email domain that spoofs the targeted company's personnel using a familiar name, which makes the email look more realistic and prompts the recipient to act without so much as a second thought. This is done not only to senior executives of the company but also to personnel in the accounts department, to get them to wire money or send confidential tax information, and also for identity theft.

The spoof can often be spotted in the subject line of the email. Proofpoint found that the subject lines contain words like "urgent" (30%), "payment" (21%), and "request" (21%), and that the emails are often sent to personnel deeper in the targeted organization.

The size of the target also matters: larger organizations were less likely to fall victim because of their cyber security, while the opposite is true for smaller organizations.

FAQ
Q: Why Should I Care About DMARC?
A: Nearly all Mail Transport Agents, including the ones used by Gmail and Microsoft Exchange Server, default to relying on DMARC for direction on what action to take if an email fails SPF or DKIM. If the sending domain has no DMARC record or a record with a policy of none, the mail server fails open and delivers the email.
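The fail-open behaviour described in this answer can be checked for your own sending domains. The following is an added example, not code from the article or from Proofpoint: it parses the TXT strings published at _dmarc.<domain> and reports which domains leave spoofed mail deliverable. The function names and sample domains are hypothetical, and it simplifies RFC 7489 (no subdomain "sp" policy and no organizational-domain fallback).

```python
# Added example (not from the article): classify DMARC records as enforcing
# or fail-open. Domains and TXT records below are constructed sample data.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if txt is not a DMARC record."""
    pairs = [part.split("=", 1) for part in txt.split(";") if "=" in part]
    tags = [(key.strip().lower(), value.strip()) for key, value in pairs]
    # RFC 7489: the first tag must be the version tag, exactly v=DMARC1.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)

def failure_action(txt_records):
    """Return (action, pct): what the domain asks receivers to do with mail
    that fails DMARC, and the percentage of such mail the policy covers."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if len(records) != 1:
        return ("deliver", 100)   # no record, or several: no policy is applied
    policy = records[0].get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        return ("deliver", 100)   # p=none or an unusable p tag: fails open
    try:
        pct = max(0, min(100, int(records[0].get("pct", "100"))))
    except ValueError:
        pct = 100                 # simplification: bad pct falls back to default
    return (policy, pct)

def fail_open_domains(zone):
    """List the domains whose spoofed mail would still be delivered."""
    return sorted(d for d, txt in zone.items() if failure_action(txt)[0] == "deliver")

# Constructed TXT answers for _dmarc.<domain>; a stray non-DMARC string is ignored.
SAMPLE = {
    "enforced.example": ["v=spf1 -all", "v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example"],
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    "missing.example": [],
    "partial.example": ["v=DMARC1; p=quarantine; pct=25"],
    "duplicate.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for domain, txt in SAMPLE.items():
        print(domain, failure_action(txt))
    print("fail-open:", fail_open_domains(SAMPLE))
```

A domain that appears in the fail-open list, or that enforces with a pct below 100, still lets some or all mail forged in its name reach recipients.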
Q: Can Spoofed Email be Traced?
A: The IP address used to send an email is logged and is traceable. This address can then be cross-referenced with the ISP DHCP records to determine who sent the email. If someone is simply trying to trick siblings or friends, the email will appear to be from the “faked” email address. This is why spammers and hackers will not send spoofed email from their own IP address(es). Instead, they route the spam through other destinations before sending it to the desired recipient(s).
Q: What are the Techniques to Spoof Email?
A: Although it is straightforward to change the “From” field in an email header, the email can still be traced to the sender. Additionally, the majority of major ISPs maintain “black lists” to ban known spam senders from sending email to users on their network(s). As a result, spammers have now evolved to using specialized software to create a random sending email address. These email addresses will rarely be active or used for a second time.
Q: Why do People Spoof Email?
A: Email is primarily spoofed for one of two reasons: (1) spam, or (2) to conduct a phishing or spear phishing attack. Spammers spoof the “From” field many times in order to hide their identity from the email recipient. The message body usually has advertisements or links to offers that the spammers are trying to sell to the recipients.
Q: How does Email Spoofing Work?
A: Email spoofing basically alters the email header to make it appear as though it originated from a different source address. This is possible because the Simple Mail Transfer Protocol (SMTP) does not support any type of sending authentication. Originally, email spoofing was used for legitimate reasons. For example, it was used when someone wanted to send mail appearing to be from their email address when logged on to a network that was not their own. Today, it is commonly used for spam or malicious purposes. The email fields can be edited in many email clients and in the automated spam and hacker tool kits that are on the market.