News

September 5, 2018 | Written by: Michelle Reinhold

Spear Phishing and Cyber Fraud – What are they and how to protect your business

Protect yourself, your business and your brand.

YORK, PA (20 August 2018) – Spear phishing and Cyber fraud are gaining traction as the most significant security threats and are causing detrimental damage to individuals and businesses. What is Spear Phishing and Cyber Fraud and how do they work? Spear phishing is when a cyber attacker generates an email under a false identity, and then sends the email to an individual or company. The attackers hope is that the receiver clicks on a false link in the email or the receiver releases confidential information. Committing this type of attack is cyber fraud, unlawfully taking gains away from someone under false pretenses via an electronic device over the internet. These threats are an ongoing issue that can affect anyone and any organization.

The FBI has reported that spear phishing has cost organizations over $5 billion dollars (https://www.ic3.gov/media/2017/170504.aspx). The underlining issue is educating people that it can happen to anyone. Most people seem to think that this number is mostly made up of large organizations but it’s a combined number of all businesses, from small mom and pop shops to large corporations every business is a target. Attackers don’t care how large or small your business is or what it will do to you personally or professionally. All they care about is fulfilling their desire of getting ahold of the information or resources that they are interested in obtaining. Small and medium size businesses are the prime target for attackers. Large organizations and corporations have high level, high dollar security solutions in place to help protect them against these threats, making their infrastructures harder to access and penetrate. Small to medium size businesses are prime targets, because they generally do not have high dollar securities solutions in place and are much easier to penetrate. So, how do you protect yourself, your employees, and your company?

First, educate yourself and your employees on what a spear phishing attack is and how to spot them. Second, evaluate your email security infrastructure. Do you have anything in place that protects you from phishing attacks and cyber fraud? Third, continue to educate yourself and your employees not only on phishing and fraud attacks but all cyber-attacks, and keep your network and email security solutions up to date.

Barracuda Sentinel, by Barracuda Networks, can provide these solutions for you. Sentinel helps negate phishing attacks, protects against domain fraud and provides anti-fraud training; therefore, protecting you, your business, and your brand. By utilizing its highly advanced Artificial Intelligence (AI) to detect spear phishing attacks, ease of DMARC (Domain-based Message Authentication Reporting & Conformance) setup and reporting, and high-risk targeting training, Sentinel will help bring you peace of mind against spear phishing and cyber fraud attacks.

So why are traditional email security solutions no longer enough protection? Email gateways have three flaws: they only monitor external emails not internal, they look for obvious malicious signals without getting granular, and they rely on static rules. Only monitoring external emails leaves the door wide open for internal email. Therefore, a compromised account can send out internal targeted attacks undetected and to whomever it wants. Hackers also navigate around gateways by steering away from using traditional malicious attacks such as malware and blacklisted website links. They use legitimate external or internal email addresses and non-blacklisted links to obtain their desired outcome. Gateways tend to rely on static rules that stop bad communications such as mass emails, but they do not search, analyze or detect individual target emails. Hackers use these flaws to penetrate your email system and compromise your data. How does Sentinel protect against all of this? Sentinel’s AI combats these attacks by learning your organizations’ specific communication patterns, and by identifying and blocking real-time spear phishing attacks. By learning and analyzing the company’s’ existing communication patterns, it can quickly identify anomalies and impersonation attempts enabling Sentinel to stop attacks in real-time. It also analyses individuals within the company to identify who is considered to be a high-risk target for attacks.

Domain fraud, aka domain spoofing, is among the hardest type of attack for a person to detect. The attacker sends an email impersonating someone from a trusted company to a target. The target thinks the email is legitimate, because it appears to be coming from a trusted source or person, and provides the requested financial, personal, or confidential information. This can not only be detrimental to you financially but to your reputation as well. Spoofing a domain allows an attacker to not only send emails internally to employees, but externally to unsuspecting clients, partners and people in the community, having a negative effect on your company and brand. Barracuda Sentinel helps protect your company and brand by offering an intuitive DMARC setup wizard. It also offers easy to use reports that allow you to further drill down quickly and efficiently to review and monitor all email communications sent from your domain.

Who is most at risk of being targeted or spoofed at your company? CFO’s and executive management are the highest spoofed email addresses, since people generally are quick to return answers and information to them in a very short turnaround time. Malicious attackers are able to successfully impersonate executives and fool targets through social engineering and typosquatting. Financial, Human Resources (HR), Legal, Information Technology(IT), Engineering and Administrative Assistance are the highest hit targets. Employees in any kind of financial position are among the highest targets as they are the gatekeepers to the company’s financial information and finances. HR and legal employees are targeted due to their privileges to vast amounts of personal information such as social security numbers, legal names, addresses, dependents, etc. IT and engineering employees are targeted for the company’s proprietary information, access to the corporate network, and wire transfer approvals. Employees in an administrative assistant position are prime targets as they have access to credentials of many executives to help streamline processes and keep the organization running smoothly behind the scenes. Leveraging intelligence from its AI platform, Sentinel identifies high-risk individuals and tailors specialized training for them to assess their security awareness and how prone they are to falling for these attacks.

“Countless organizations and individuals have fallen prey, sending wire transfers and sensitive customer and employee information to attackers impersonating their CEO, boss, or trusted colleague,” states Barracuda Networks (https://www.barracudasentinel.com). “Gain peace of mind against spear phishing and cyber fraud. Be up and running in minutes with an easy setup. 100% cloud delivered, with no hardware or software to install or maintain – and zero impact on your network performance.”

To learn more about how Barracuda Sentinel can protect your business, contact Business Information Group, Inc. at businessinformationgroup.com/contact.