Internal Employee Impersonations
Attackers use your employees as the Display Name in phishing campaigns to bring familiarity and trust to their Business Email Compromise (BEC) attacks. Finding this information is easy by cybercriminals, as LinkedIn and other online tools provide insight into the structure and relationships within an organization. And, because the phish appears to be from a trusted colleague, users are tricked into taking action by transferring money or sharing sensitive information.
Detecting Internal Employee Impersonations Attacks with GreatHorn
GreatHorn’s advanced anomaly detection uses artificial intelligence, machine learning and data science to automatically learn legitimate communication patterns between senders and recipients, identifying the anomalous emails, attachments, and links.
GreatHorn analyzes all communication patterns between senders and recipients using behavioral analytics within our AI and ML models, providing organizations with immediate detection and insight into anomalous emails.
Strength of a sender’s individual relationship to the recipient, as well as a “friends of friends” system that accounts for the sender’s overall relationship with others in the recipient’s organization.
Analysis for employee display name spoofs, domain spoofs, and domain look-alikes, including comparison against known email addresses, executive impersonation tactics, and email authentication standards.
Sophisticated analysis of domain reputation, sending IP, and header information, including determining variations in expected authentication results for DMARC, DKIM, and SPF.
Deep content inspection based on keywords, regular expressions (RegEx), attachments, and URLs, to identify common spear phishing tactics—wire transfer and W2 requests, credential theft attacks, business service impersonations—all without storing the content or the mail.
Establishes an understanding of communication patterns unique to a specific individual and a specific organization, such as email frequency, volume, recipients, sending patterns and more.