RMail’s RSecurity E-Security Suite Stops Whaling, BEC Attacks Before They Happen
Seeing as it’s Friday, I thought I’d ask which of the following “facts” are actually common misconceptions:
- Twinkle Twinkle Little Star was composed by Mozart.
- Vikings wore horns on their helmets.
- Canada is north of the United States.
- A toilet’s flush will change direction depending upon which hemisphere it is in.
(The answer will be revealed at the end of the article.)
Another common misconception is that whales are fish when they are actually closer to us humans. Yes, whales and fish swim in water, but that’s where the similarity ends. Whales are warm-blooded while almost all fish are cold-blooded. Fish also breath through gills while whales have lungs and breath air from above the ocean’s surface. In addition, whales give birth to live young while most fish lay eggs.
So, it baffles me that these supposedly smart, sophisticated internet sleuths have named the practice of going after bigger fish/phish, “whaling” with utter disregard for the science behind what makes a whale a non-fish. (If you’re thinking I should have bigger phish to fry at this point, you could be right.)
As you may already know, in e-security circles “whaling” is a highly targeted email-based attack aimed at a company’s senior executives. According to the UK’s National Cyber Security Centre, “whaling is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds. Whaling does not require extensive technical knowledge yet can deliver huge returns. As such, it is one of the biggest risks facing businesses.”
And you also might already know, RMail’s Anti-Whaling™ features detect cleverly designed impostor emails, and alert the sender(s), which prevents naïve email replies to the email impostor. According to the latest Osterman Research study (download here), a lack of awareness of potential human e-security errors before they happen in the email send flow is among the core explanations of widespread Business Email Compromise (BEC) attacks.
As we mentioned last week, since BEC is about tricking us humans into making mistakes with big financial consequences, the main way to solve for this is to build into Microsoft Outlook a non-intrusive automated way to continuously make staff aware of potential e-security mishaps. RMail now does just that, simply put.
In the Anti-Whaling™ feature set, RMail’s Right Recipient™ prompts users to double check recipient addresses if the RSecurity AI engine determines that the sender is about to misaddress a sensitive email. It also alerts the sender if the recipient domain is likely to be a clever misspell of an authentic recipient domain, considering domain age and other variables.