
Beyond Catching Sender Spoofing – using AI to stop email fraud and Business Email Compromise

  • Posted on: November 1, 2017
  • Posted in: Business, Security
  • Posted by: Joyce Huang
BEC attacks have become more sophisticated to fool users.

In September, we announced our new email security technologies powered by XGen™ and a new product, Smart Protection for Office 365. One key technology introduced was our new AI-based detection technique for email fraud, or Business Email Compromise (BEC).

A user receiving a BEC email will have a difficult time telling whether it is fake or real. He or she would likely focus on the action needed to satisfy the urgent request of an executive and miss subtle indications that the email was fake. Traditional email security solutions struggle with these attacks since there is usually no attachment or URL to examine and the content looks the same as a legitimate email. These facts make BEC attacks difficult to detect and damaging, with an average loss per incident of $132,000 according to the FBI.

Trend Micro Hosted Email Security includes email authentication standards (SPF, DKIM, and most recently DMARC) to prevent domain/sender spoofing but this only solves part of the equation. These standards prevent your domain/senders from being spoofed but don’t prevent other email forging techniques, like “free email account abuse” (using a free but legit email domain name) and “compromised email account abuse” (using a compromised account attacking internally). Additional BEC technologies are needed to fully protect email users.

How Trend Micro uses A.I. to detect BEC

Let’s take a closer look at how we detect fake emails or Business Email Compromise attacks. A user receiving a BEC email will have a difficult time telling if it is fake. The content looks legitimate and the attackers will play into the employee’s desire to be responsive to the executive they are impersonating.

Trend Micro uses artificial intelligence that combines the knowledge of a security expert with a self-learning mathematical model to identify the fake emails. A security expert examining an email would look at both the behavioral factors of an email and the intention of the email.


In the mail header the security researcher would look at factors such as: is the email coming from an insecure email provider, is the sender’s domain similar to the target organization, is the sender using a name of an executive at the recipient’s organization, and many other factors.


The researcher would also read the content of the email to decipher its intention. Suspicious factors would include a sense of urgency, a request for action, or a financial implication. None of these factors are suspicious on their own, but they paint a more complete picture when combined with the attacker behavioral factors.


We can mimic the decision-making process of the security researcher with a form of artificial intelligence called an Expert System. The rules of the researcher decide which factors of the email to examine and rank whether they are suspicious.

We then use a second form of artificial intelligence called machine learning which takes the results of the expert system and uses a computer-generated algorithm to determine if the email is real, fake or suspicious. The machine learning algorithm is based on millions of good and fake emails and is constantly learning and improving. It weighs the results of the expert rules and more accurately detects the fraudulent email as fake.
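As an added illustration (not Trend Micro's code or model), the two stages described above can be sketched in Python: expert rules turn the header and content factors into booleans, and a logistic score with hand-set weights stands in for the trained model. The organization domain, executive list, keyword patterns, weights and thresholds are all assumptions, and the sample message is constructed.

```python
import math, re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; none come from Trend Micro's product.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"alice chen"}  # high-profile users named by the customer
FREE_PROVIDERS = {"gmail.com", "outlook.com", "yahoo.com"}
INTENT = {  # content ("intention") rules
    "urgency": re.compile(r"\b(urgent|asap|immediately|today)\b", re.I),
    "action": re.compile(r"\b(please|need you to|can you)\b", re.I),
    "finance": re.compile(r"\b(wire|transfer|invoice|payment|bank)\b", re.I),
}
# Hand-set weights standing in for a model trained on labelled mail.
WEIGHTS = {"free_provider": 1.0, "lookalike_domain": 2.5, "exec_name": 2.0,
           "urgency": 0.8, "action": 0.5, "finance": 1.2}
BIAS = -4.0

def edit_distance(a, b):  # Levenshtein distance, to spot near-miss domains
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def extract_factors(raw):  # expert-system stage: one boolean per rule
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    external = domain != ORG_DOMAIN
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    factors = {
        "free_provider": domain in FREE_PROVIDERS,
        "lookalike_domain": external and 0 < edit_distance(domain, ORG_DOMAIN) <= 2,
        "exec_name": external and name.strip().lower() in EXECUTIVES,
    }
    factors.update({k: bool(rx.search(text)) for k, rx in INTENT.items()})
    return factors

def classify(raw):  # scoring stage: logistic combination of rule outputs
    z = BIAS + sum(WEIGHTS[k] for k, hit in extract_factors(raw).items() if hit)
    p = 1 / (1 + math.exp(-z))
    return "fake" if p >= 0.75 else "suspicious" if p >= 0.4 else "real"

# Constructed sample: free-mail sender using an executive's display name.
SAMPLE = ('From: "Alice Chen" <alice.chen.ceo@gmail.com>\n'
          "Subject: Urgent wire transfer\n\nI need you to send a payment today.\n")
```

With these assumed weights, `classify(SAMPLE)` returns `"fake"`, while an internal message that only mentions an invoice and says "please" stays `"real"`, matching the point that content factors are not suspicious on their own.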


Even trained users struggle to spot phishing emails. Trend Micro combines the decision-making rules of a security expert with the power of machine learning to find fake emails and avoid damaging Business Email Compromise attacks.

Why is Trend Micro’s BEC detection technique different?

1. Protecting from not only sender spoofing, but also suspicious content

We analyze not only email behavior (e.g., forged sender), but also intention (e.g., urgency), by using both an Expert System and machine learning.

2. Includes internal BEC protection for compromised email accounts

When a user’s account or mailbox is compromised, usually after a phishing attack, the attacker can use the compromised account to send internal phishing or BEC emails. Because the email is coming from a legitimate user’s mailbox, there won’t be anything suspicious on the mail header or sender address. Therefore, sender authentication techniques are not able to detect this. Trend Micro’s Cloud App Security, which is included in Smart Protection for Office 365, can detect internal BEC attacks on Office 365 email.

3. Includes high-profile user protection

Since BEC scams target high-profile users such as company executives, extra scrutiny is applied to high-profile users, who are identified by the customer using Active Directory groups or by entering their email addresses. Trend Micro will check incoming email messages that claim to be sent from those users and apply fraud-checking criteria to identify forged messages.

4. No extra charge

BEC protection is included in Smart Protection for Office 365, which includes Hosted Email Security (cloud email gateway) and Cloud App Security (API-based service integration). No extra charge is needed as we think all customers deserve the best BEC protection. 

Complete threat protection for your Office 365 email and file sharing

Smart Protection for Microsoft Office 365 gives you the advantages of both a gateway and a service-integrated solution. The gateway provides pre-delivery protection against phishing, fraud, and advanced threats along with outbound compliance using DLP and encryption. The service-integrated layer protects internal email, OneDrive, Box, Dropbox and SharePoint and is able to search existing mailboxes and files for threats.
