As cybersecurity solutions become better at detecting email-based threats using machine learning (ML) and other advanced tools, cybercriminals continue to tweak their arsenal and employ leveled up versions of tried-and-tested social engineering tactics — such as phishing — to increase the likelihood of users falling for fraud, identity theft, or spoofing which could lead to enterprises losing substantial amounts of money. The FBI reports that between October 2013 and May 2018, businesses in and outside of the U.S. have lost over US$12.5 billion dollars from business email compromise (BEC) scams.
Our annual Cloud App Security report reveals that in 2018 alone, our Trend Micro™ Smart Protection Network™ security infrastructure blocked over 41 billion email threats. With heightened awareness that it just takes one successful phishing email for a business to incur massive financial losses, companies have learned to employ better email security solutions and practices. To this, cybercriminals responded by changing gears and improving their phishing strategies.
More Sophisticated Phishing Techniques
Today, it’s not just malware used that’s evolving and targeted – the technique in which it is delivered to victims has also taken on these characteristics.
Phishing has been morphing. According to the recently released Microsoft Security Intelligence Report cybercriminals are making it harder even for advanced cybersecurity tools to detect phishing emails. They are now sending phishing emails via varied infrastructure, avoiding using a single URL, IP address, or domain for sending out the emails. Aside from this, there has been a noted growth in the use of popular document sharing and collaboration sites by attackers in siphoning off sensitive user information such as email addresses, usernames, and passwords via fraudulent login forms. Out of the 8.9 million high-risk email threats that our Trend Micro™ Cloud App Security™ solution detected and blocked in 2018, we found that 40 percent of them were credential phishing attacks.
The Microsoft report also notes that attackers have increasingly used compromised email accounts to spread malicious emails in and out of an organization. The report also reveals that phishing campaigns made use of a combination of email-based attacks: one that is short, which is operative for several minutes; one that is active for an extended period of time and at a great volume; and a “serial variant” which is active for a period of consecutive days and at a small volume.
In addition, last year, we observed a unique phishing campaign at work — it uses compromised email accounts to reply to ongoing email threads. The legitimate-looking email responses contain malicious documents that house the banking trojan and spyware URSNIF, which victims unwittingly downloaded to their systems. We also saw an Apple ID phishing scam that scare users into clicking links to a credential phishing site, telling them that their service will be suspended if they do not reveal their personal information. We also detected a peculiar combination of phishing and malware techniques used in a campaign that spread the CamuBot banking trojan to business-class bank users in Brazil.
Trend Micro Solutions
As phishing attacks become more sophisticated, identifying them through awareness and proper training becomes all the more crucial in keeping enterprises and organizations better protected. Employing the right security solutions that combine traditional defenses and advanced technologies such as artificial intelligence (AI) and ML can help tighten defenses against a broad range of cyberthreats brought about by phishing schemes.
Trend Micro endpoint solutions such as the Smart Protection Suites and Worry-Free Business Security solutions can protect users and businesses from threats by detecting malicious files and messages as well as blocking all related malicious URLs. The Trend Micro Deep Discovery™ solution has an email inspection layer that can protect enterprises by detecting malicious attachments and URLs.
The use of AI and ML in Trend Micro email security products enhances the overall cyberdefense against BEC, email account compromise (EAC), phishing, and other advanced threats. Trend Micro’s anti-phishing technology combines the knowledge of a security expert with a self-learning mathematical model to identify fake emails by looking at both behavioral factors and the intention of an email.
Writing Style DNA is an ML-powered technology that can help detect email impersonation tactics used in BEC and similar scams. It uses ML to recognize the DNA of a user’s writing style based on past emails and then compares it to suspected forgeries. The technology verifies the legitimacy of the email content’s writing style through an ML model that contains the legitimate email sender’s writing characteristics.
Trend Micro has also introduced FraudBuster, which analyzes the contents of an email, SMS, or chat message from messaging platforms such as WhatsApp to determine the likelihood of it being a scam. Users are encouraged to check any message using the free tool if they have even the slightest doubt about its contents. FraudBuster also provides advice on how to proceed after receiving a fraudulent message.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.