Managed Phishing Protection & Email Security

Email is a critical window to the world for any modern organization, and just as it affords you and your customers an easy avenue for communication, it also gives attackers a direct line into your company and users. Looking at attack trends, 90% of all successful attacks had an element of phishing that sought to exploit human users through deception. The reason the frequency of attacks has been increasing sharply year over year is simple: a phishing attack often takes very little effort to create and execute, most companies are poorly protected or their anti-phishing measures are poorly configured, and, most importantly, phishing attacks usually work on someone in the target organization. This makes a robust, multi-point, intelligent inspection solution an important part of internet security measures at any company.

WHAT IS PHISHING?

Simply put, phishing is a type of attack that uses methods broadly known as social engineering. Phishing attacks happen when an attacker sends a message that creates a false pretext of one kind or another, designed to fool or trick a human user into doing something.

Some of the methods that are regularly seen contain one or more of the following elements:

  • Directing the victim to a fake login page to steal credentials, credit card numbers, account numbers, or other sensitive information.
  • Getting a victim to open a malicious email attachment or click a malicious link that leads to attackers potentially compromising the user’s device.
  • Impersonating a trusted person to:
    • Get people to buy gift cards.
    • Pose as IT support services telling you to change your password or do something else.
    • Change financial transaction details right before a payment is to be made.
    • Get someone to text message a number for a task the trusted person needs help with.
  • Exploiting the identity of a person in a position of authority to get subordinates to do things.

According to FBI data from consumer-reported phishing attacks, there were over 250,000 victims of phishing in 2020, reporting combined consumer losses of more than $260 million.

To reduce the likelihood of becoming a victim, the FBI recommends:

  • Protect your devices by using anti-virus and anti-malware software.
  • Don’t assume a message that looks like it is from a friend or business associate is real. Use a known phone number or email account to contact the person or company to confirm before ever clicking on a link or opening an attachment.
  • Do not send money or gift cards to anybody that you don’t know personally.
  • Never give out your personal information over the phone or to individuals you do not know.

BEC OR BUSINESS EMAIL COMPROMISE

Business Email Compromise is one of the most dangerous email threats facing companies today, as it is difficult to spot and nearly impossible to stop. How could that be? From a company perspective, you cannot stop attackers from pretending to be you to the world at large. Anyone can register a similar or believable email address or create an alias that looks like any company, and outright faked email addresses are seen regularly. Without proper solutions in place, companies have to rely on humans detecting phishing attacks on their own, which can be difficult because legitimate@exampleemail.com can look very similar to legitimate@exampIeemail.com. The difference is that what looks like the letter “l” in the second example is a capital “i”. Humans will miss this, and many traditional phishing protection measures, such as secure email gateways, will often fail to catch it.
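A check for the lookalike address described above can be automated. The following is an added example, not code from this page or from any product it mentions; the trusted-domain list, the small confusable-character map, and the function names are assumptions made for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Assumption: the domains you and your vendors really send from.
TRUSTED_DOMAINS = {"exampleemail.com"}

# Hand-picked confusables (constructed, not the full Unicode confusables table).
CONFUSABLES = {"I": "l", "1": "l", "0": "o",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p"}  # Cyrillic
MULTI_CHAR = {"rn": "m", "vv": "w"}


def skeleton(domain):
    """Collapse visually confusable characters so lookalikes compare equal."""
    text = unicodedata.normalize("NFKC", domain)
    # Map before lowercasing: a capital "I" must become "l", not "i".
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text).lower()
    for seq, repl in MULTI_CHAR.items():
        text = text.replace(seq, repl)
    return text


def edit_distance(a, b):
    """Levenshtein distance, to catch the lookalike after mail software lowercases it."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return 'trusted', 'lookalike:<trusted domain>' or 'unknown'."""
    domain = parseaddr(from_header)[1].rpartition("@")[2]
    if domain.lower() in TRUSTED_DOMAINS:
        return "trusted"
    for good in sorted(TRUSTED_DOMAINS):
        if skeleton(domain) == skeleton(good) or edit_distance(domain.lower(), good) == 1:
            return "lookalike:" + good
    return "unknown"


if __name__ == "__main__":
    for header in ("legitimate@exampleemail.com",
                   "Accounts <legitimate@exampIeemail.com>",
                   "billing@partner.example"):
        print(header, "->", classify_sender(header))
```

A "lookalike" result is a reason to hold or banner the message, since such a domain can pass its own SPF, DKIM, and DMARC checks.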

Business email compromise (BEC) has four major steps:

Attackers identify a target – this phase can be heavily automated through the use of probing emails seeking to find users that fall for simple scam messages.

Grooming and intel gathering – attackers gather information about the target organization and craft “spear phishing” attacks (directed at specific users). Attackers may also make phone calls in an effort to learn more, and may compromise user credentials to gain access to user email. This information is used to find the best way to extract money.

The victim (internal: the target company, or external: a customer of the target company) is convinced by the attacker that what they are doing is a legitimate business transaction. Usually, victims are provided wiring instructions.

Upon transfer, the funds are pushed to an account controlled by the attacker.

According to FBI data, BEC has cost US businesses more than $2 billion:

“Cyber criminals are targeting organizations that use popular cloud-based email services to conduct Business Email Compromise (BEC) scams. The scams are initiated through specifically developed phish kits designed to mimic the cloud-based email services in order to compromise business email accounts and request or misdirect transfers of funds. Between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling more than $2.1 billion in actual losses from BEC scams using two popular cloud-based email services. While most cloud-based email services have security features that can help prevent BEC, many of these features must be manually configured and enabled. Users can better protect themselves from BEC by taking advantage of the full spectrum of protections that are available.

There are a number of BEC scam variants. One of the most effective types is initiated through phishing emails designed to steal email account credentials. Cyber criminals use phishing kits that impersonate popular cloud-based email services. Many phishing kits identify the email service associated with each set of compromised credentials, allowing the cyber criminal to target victims using cloud-based services. Upon compromising victim email accounts, cyber criminals analyze the content of compromised email accounts for evidence of financial transactions. Often, the actors configure mailbox rules of a compromised account to delete key messages. They may also enable automatic forwarding to an outside email account.

Using the information gathered from compromised accounts, cyber criminals impersonate email communications between compromised businesses and third parties, such as vendors or customers, to request pending or future payments be redirected to fraudulent bank accounts. Cyber criminals frequently access the address books of compromised accounts as a means to identify new targets to send phishing emails. As a result, a successful email account compromise at one business can pivot to multiple victims within an industry.

Depending upon the provider, cloud-based email services may provide security features such as advanced phishing protection and multi-factor authentication that are either not enabled by default or are only available at additional cost.”
(FBI Alert Number I-040620-PSA, April 06, 2020)
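The mailbox-rule behaviour the alert describes (rules that delete key messages, and automatic forwarding to an outside account) can be hunted for in an export of users' inbox rules. This is an added example, not code from the FBI alert or from this page. The sample rules are constructed; the property names follow Exchange's Get-InboxRule output, while the `Mailbox` field, the flattened address strings, the keyword list, and the internal-domain list are assumptions.

```python
# Assumption: the domains your organization accepts mail for.
INTERNAL_DOMAINS = {"exampleemail.com"}
# Assumed keyword list for "key messages" about financial transactions.
FINANCE_WORDS = {"invoice", "payment", "wire", "bank"}

# Constructed sample export, one dict per inbox rule.
SAMPLE_RULES = [
    {"Mailbox": "ap@exampleemail.com", "Name": ".",
     "SubjectContainsWords": ["Invoice", "wire"], "DeleteMessage": True},
    {"Mailbox": "ap@exampleemail.com", "Name": "sync",
     "ForwardTo": ["collector@mailbox.example"]},
    {"Mailbox": "hr@exampleemail.com", "Name": "To assistant",
     "RedirectTo": ["assistant@exampleemail.com"]},
    {"Mailbox": "hr@exampleemail.com", "Name": "Newsletters",
     "SubjectContainsWords": ["newsletter"], "DeleteMessage": True},
]


def external_targets(rule):
    """Addresses the rule forwards or redirects to that are outside the organization."""
    targets = []
    for field in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
        targets.extend(rule.get(field) or [])
    return sorted(t for t in targets
                  if t.rpartition("@")[2].lower() not in INTERNAL_DOMAINS)


def review_rule(rule):
    """Return finding codes for one rule; an empty list means nothing matched."""
    findings = []
    if external_targets(rule):
        findings.append("external-forward")
    words = set()
    for field in ("SubjectContainsWords", "BodyContainsWords",
                  "SubjectOrBodyContainsWords"):
        words.update(w.lower() for w in rule.get(field) or [])
    if rule.get("DeleteMessage") and words & FINANCE_WORDS:
        findings.append("deletes-finance-mail")
    return findings


def triage(rules):
    """Group flagged rules by mailbox so an analyst can review each account once."""
    report = {}
    for rule in rules:
        findings = review_rule(rule)
        if findings:
            report.setdefault(rule["Mailbox"], []).append((rule["Name"], findings))
    return report


if __name__ == "__main__":
    for mailbox, hits in triage(SAMPLE_RULES).items():
        print(mailbox, hits)
```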

PREVENTING A PHISHING ATTACK

While secure email gateways (SEGs) are still very popular and a decent investment, they have been rendered less effective as attackers have developed methods to counter them. SEGs mostly use prevention techniques rooted in single-measure detection to stop an attacker. Many SEGs scan links and attachments to see if they are malicious. They look at sender email and IP address reputation, and they check the SPF, DMARC, or DKIM records associated with the sender domain to see if the origin is authorized to send email on behalf of the domain used in the sender’s address (for example, sender@example.com). While messages are being inspected their delivery may be delayed, and often there is a setting that allows messages to pass while inspection is completed. Polymorphic phishing attacks seek to overwhelm or get around SEG inspection by varying the elements a SEG inspects. An attacker may use several different email addresses, IP addresses, links, and attachments, sent to several different recipients, in the hope that one message will make it through.
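The SPF and DMARC checks a gateway performs are only as strong as the records the sending domain publishes. As an added example (not code from this page or any vendor named on it), the sketch below audits record strings for settings that leave a domain spoofable; the sample records and finding names are constructed, and fetching the TXT records from DNS is left out.

```python
def parse_dmarc(record):
    """Split a DMARC TXT record into lowercase tag -> value pairs."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(record):
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["not-dmarc"]
    findings = []
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("policy-not-enforced")    # p=none only monitors
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append("partial-enforcement")    # policy applied to a sample only
    if "rua" not in tags:
        findings.append("no-aggregate-reports")   # no view of who sends as you
    return findings


def counts_lookup(term):
    """True for SPF terms that cost a DNS lookup during evaluation."""
    name = term.lstrip("+-~?")
    head = name.split(":")[0].split("/")[0]
    return head in ("include", "a", "mx", "ptr", "exists") or name.startswith("redirect=")


def audit_spf(record):
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not-spf"]
    findings = []
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    has_redirect = any(t.startswith("redirect=") for t in terms[1:])
    if not alls and not has_redirect:
        findings.append("no-all-mechanism")       # unlisted senders evaluate to neutral
    elif alls and alls[-1] in ("all", "+all", "?all"):
        findings.append("all-not-restrictive")    # a forged sender never fails
    if sum(1 for t in terms[1:] if counts_lookup(t)) > 10:
        findings.append("too-many-dns-lookups")   # over the RFC 7208 limit of 10
    return findings


# Constructed sample records: weak setting beside the corrected one.
WEAK_DMARC = "v=DMARC1; p=none"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@exampleemail.com; adkim=s; aspf=s"
WEAK_SPF = "v=spf1 include:_spf.mailhost.example +all"
STRONG_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all"

if __name__ == "__main__":
    for rec in (WEAK_DMARC, STRONG_DMARC):
        print(rec, "->", audit_dmarc(rec))
    for rec in (WEAK_SPF, STRONG_SPF):
        print(rec, "->", audit_spf(rec))
```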

Dark Rhino routinely uncovers malicious emails that have successfully bypassed SEG, Office 365, and Google Workspace phishing and spam protections to arrive in users’ inboxes. We can detect attempts to impersonate VIPs, and we can detect language commonly used by attackers. Within seconds our managed phishing protection can remove malicious emails, add user alert banners, and isolate attacks that SEG solutions miss.

Our service has seen attempts to impersonate VIP users and to pass fake login pages or malicious attachments. It also leverages a distributed community of security analysts that help identify attacks and update the collective understanding across the environment. This makes spotting extremely advanced attacks even faster and easier.

Spear phishing attacks seek to exploit a specific human, often using a pretense, story, or scheme tailored to that person in a way that fits with their life, job, or identity. Phishing scammers have stepped up their game; gone are the days of email messages with obvious misspellings, horribly poor grammar, and ridiculous Nigerian princes looking to give away a fortune in exchange for a favor. Now, serious attackers present phishing scams as polished, well-written, and well-conceived emails or text messages that are sometimes difficult to spot as malicious.

Imagine getting an email from a good friend about a social event you are looking to attend. Let’s say it’s a wine tasting, and a friend reaches out via email or text message asking if you would like to go in on buying the deluxe experience for two at this event. There is a link in their message, and it takes you to a very believable-looking Facebook login page. You dutifully enter your credentials and are taken to your Facebook page, where you look at various things and then go back to what you were doing. Behind the scenes, an attacker just stole your personal Facebook credentials and will steal more of your personal information to use against you. In a different scenario, your boss sends you an email urgently asking you to go buy gift cards and text the redemption codes to him at a different number. Another scam email demands that personal information be sent for the redemption of a prize.

All of the above phishing scams have been seen in the wild and all of them have successfully fooled otherwise intelligent people into believing the story being presented. That is why the battle for phishing protection is won and lost at the point where users get their email messages, in this case their inbox. The next best defense against phishing emails of any kind is to ensure people are regularly tested and trained to spot phishing email attacks.

Dark Rhino’s managed phishing protection includes the ability to conduct regular phishing assessment campaigns directed at a company’s users. Should users fail the assessment, remedial training can be assigned to help them spot malicious emails in the future. This regular testing and training turns potential victims into security assets. Trained users are far less likely to fall for advanced phishing emails, and if malicious emails do make it past protections, they are more likely to report them or at least not fall for them. Our Phishing Protection service makes it possible to create and support a culture that reports any message that looks suspicious for review. Built-in feedback loops inform users of the disposition of emails quarantined from their inbox so they can ask that they be restored, and users can see the disposition of emails they deemed suspicious enough to report using the built-in “Report Phishing” button.

  • Utilizes Natural Language Processing to look for typical BEC language.
  • Runs in the cloud, on-premises, or through a hybrid model for Office 365 and G Suite support.
  • Detects anomalies and non-signature-based threats missed by SEGs.
  • Requires absolutely no changes to MX records, reducing IT stress and workload burdens.
  • Analyzes user email patterns and behavior to remediate threats in real time.
  • Presents clear, color-coded warning banners that make it easy for employees to spot threats at a glance.

Here are some tips to help you improve your level of phishing protection and safeguard your personal information.

Steps you can take to minimize phishing attacks as an end user:

  • Limit the sharing of personal information attackers may use against you to create context for their attacks.
  • Ensure you are using multi-factor authentication solutions for all email accounts.
  • Verify payment changes and transaction details in person or using a known good contact number. Do not share credit card numbers or other personal information in situations where contact was not initiated by you; always verify the source directly through a trusted communication channel.
  • Be aware of scams and be especially wary of requests that seem odd, pushy, or urgent in nature, and DO NOT click on a link until you are certain the sender of the email message is legitimate.
  • Respond to suspected BEC using alternative communications such as face to face or known good contact numbers, reset email passwords immediately, and ensure multi-factor or two-factor authentication is enabled. Inform relevant external parties that communications may be compromised and that they should reset passwords and enable multi-factor authentication.
  • Regularly participate in phishing awareness training.

Steps you can take to improve phishing protection as an IT administrator:

  • Prohibit automatic forwarding of email to external addresses.
  • Prohibit out of domain forwarding.
  • Add an email banner to messages coming from outside your organization.
  • Ensure passwords are regularly changed every 90 days.
  • Enable alerts for suspicious login activity like foreign login attempts.
  • Enable features that block phishing and spam mail.
  • Configure SPF, DMARC, DKIM records to prevent spoofing of your domain and validate your company’s email.
  • Disable legacy account authentication.

or

  • Implement Dark Rhino Security’s comprehensive approach to security that leverages a suite of products combined into customer focused managed solutions:
    • Managed Phishing Protection – Powered by Ironscales
      • AI driven multipoint email inspection that continues to learn and improve
      • Managed user phishing assessment and awareness training
      • Phishing emails quarantined in seconds
    • Managed Identity Service – Powered by Okta
      • Multi-factor authentication
      • Alerting and protection from unauthorized use of valid credentials
      • User provisioning and deprovisioning by policy
      • User managed password reset process
    • DRSIEM – Powered by Dark Rhino’s own proprietary SIEM as a service
      • Correlate events to uncover malicious activity
      • Enables threat hunting
      • Enables detection and response via advanced agent
    • Iπ&R – Incident Prevention Incident Identification and Response
      • Detect advanced persistent threats and respond in minutes.
      • See all the files, processes, artifacts, and history on your devices
      • Enables threat hunting and Incident Response on demand
    • Managed Next Gen Anti-Virus
      • Advanced endpoint protection that prevents malware
      • Uses AI to uncover advanced malicious files and stop ransomware.
      • Configure to isolate threats before they become a problem
      • Stop unwanted software
    • Managed Cloud Based Patching
      • Deploy packages and updates via configurable policy and group no matter where the devices are located.
      • Harden endpoints by patching user devices and permissive servers regularly.

Sources: https://www.ic3.gov/Media/Y2020/PSA200406; https://www.fbi.gov/video-repository/phoenix-tech-june2021.mp4/view;


WHY CHOOSE US?

WE’RE DRIVEN BY VALUE INNOVATION

We’ve developed strategic partnerships and vendor relationships with industry experts to offer world-class tools at exceptional rates. We’re constantly scanning the market to modernize our services, thus equipping our clients with comprehensive solutions and an infallible security posture. We render the competition irrelevant through value innovation, thus opening market opportunities that have historically been untapped.

WE LISTEN

Protecting all aspects of your business is our priority. Our dedicated staff will coordinate an exhaustive consultation process with your team to understand your unique requirements. From the conception phase to post-project support, we promise to deliver custom solutions to suit your needs, every step of the way!

WE’RE FLEXIBLE

Whether you require a turn-key solution or select services to address gaps with your in-house security team, we’ve got you covered! Our polyvalent approach is designed to improve your on-premise and cloud-based cybersecurity posture, around the clock, no matter the size of your company, infrastructure and budget.

WE’RE INTERNATIONAL

We have multiple teams readily available and are constantly expanding to new markets. Along with our head office in Columbus (US), we have experts in London (UK), Montréal (Canada) and Copenhagen (Denmark).

WE GIVE BACK

We support organizations that have a positive impact in their communities. We invest in philanthropic programs and rally around charitable work and causes that are important, because it’s part of our core values.

In recognition of their service to our country, Dark Rhino Security actively seeks to recruit and employ veterans throughout its workforce. The brave service members who have served our nation’s interests deserve employment and academic opportunities once their military service is at an end. We are very proud that almost 50% of our team have served our country.

WE’RE QUALIFIED

Our team is highly certified and offers training. Because our field is constantly evolving, we prioritize ongoing education and invest in cutting-edge technologies to respond to emerging trends with razor-sharp precision. As a result, our skilled engineers can deliver in-depth cybersecurity training to professionals of all paths.
